secrets-management
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Overall
score
82%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillEvaluation — 86%
↑ 1.12xAgent success when using this skill
Validation for skill structure
Discovery
90%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description that clearly communicates its purpose and when to use it. The explicit 'Use when...' clause with specific triggers is a strength. The main weakness is that the capabilities could be more concrete—listing specific actions like 'configure secret rotation', 'inject secrets into build pipelines', or 'set up access policies' would strengthen the specificity.
Suggestions
Expand the capabilities with more concrete actions such as 'configure automatic secret rotation', 'inject secrets into build pipelines', 'set up access policies and audit logging'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (secrets management, CI/CD) and mentions specific tools (Vault, AWS Secrets Manager), but the actions are somewhat general ('implement', 'handling', 'rotating', 'securing') rather than listing multiple concrete operations like 'inject secrets into pipelines, configure automatic rotation policies, set up access controls'. | 2 / 3 |
Completeness | Clearly answers both what ('Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions') and when ('Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Good coverage of natural terms users would say: 'secrets management', 'CI/CD pipelines', 'Vault', 'AWS Secrets Manager', 'credentials', 'rotating secrets'. These are terms users would naturally use when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche focused specifically on secrets management in CI/CD contexts with named tools (Vault, AWS Secrets Manager). Unlikely to conflict with general security skills or generic CI/CD skills due to the specific focus on credentials and secrets. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
73%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides comprehensive, actionable guidance for secrets management across multiple platforms with executable code examples. The main weaknesses are some verbose feature descriptions that Claude doesn't need, and missing validation/verification steps in workflows involving secret rotation and updates. The structure and progressive disclosure are well-executed.
Suggestions
Remove the bullet-point feature lists for each tool (HashiCorp Vault, AWS Secrets Manager, etc.) as Claude already knows these capabilities
Add explicit validation steps to the secret rotation workflow (e.g., 'Verify new secret works before revoking old one' with actual test commands)
Include error handling and rollback procedures in the Lambda rotation example
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary explanatory content (tool feature lists that Claude already knows) and could be tightened. The bullet-point feature lists for each tool (e.g., 'Centralized secrets management', 'Dynamic secrets generation') add little value. | 2 / 3 |
Actionability | Provides fully executable code examples across multiple platforms (Vault, AWS, GitHub Actions, GitLab CI, Terraform, Kubernetes). Commands are copy-paste ready with specific syntax and real configuration patterns. | 3 / 3 |
Workflow Clarity | While individual code snippets are clear, multi-step processes lack explicit validation checkpoints. The manual rotation process lists steps but doesn't include verification commands. Secret rotation Lambda example doesn't show error handling or rollback. | 2 / 3 |
Progressive Disclosure | Well-organized with clear sections, references to external files (vault-setup.md, github-secrets.md), and related skills. Content is appropriately structured with quick examples in main file and deeper content referenced elsewhere. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
88%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 14 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
Total | 14 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.