CtrlK
BlogDocsLog inGet started
Tessl Logo

aws-compliance-checker

Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks

68

1.53x

Quality

52%

Does it follow best practices?

Impact

100%

1.53x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/antigravity-aws-compliance-checker/SKILL.md
SKILL.md
Quality
Evals
Security

Evaluation results

100%

70%

CIS Benchmark CloudWatch Monitoring Audit

CIS monitoring metric filter checks

Criteria
Without context
With context

unauthorized-api-calls filter

0%

100%

no-mfa-console-signin filter

0%

100%

root-usage filter

0%

100%

iam-changes filter

0%

100%

cloudtrail-changes filter

0%

100%

console-signin-failures filter

0%

100%

cmk-changes filter

0%

100%

s3-bucket-policy-changes filter

0%

100%

aws-config-changes filter

0%

100%

security-group-changes filter

0%

100%

nacl-changes filter

0%

100%

network-gateway-changes filter

0%

100%

route-table-changes filter

0%

100%

vpc-changes filter

0%

100%

Retrieve log group from CloudTrail

100%

100%

Query existing metric filters

100%

100%

Pass/fail output per filter

100%

100%

Without context: $0.2092 · 56s · 11 turns · 55 in / 3,636 out tokens

With context: $0.3690 · 52s · 19 turns · 24 in / 2,908 out tokens

100%

PCI-DSS AWS Infrastructure Compliance Assessment

PCI-DSS boto3 compliance checker

Criteria
Without context
With context

Uses boto3 library

100%

100%

EC2 boto3 client

100%

100%

IAM boto3 client

100%

100%

CloudTrail boto3 client

100%

100%

Req 1 network check

100%

100%

Req 3 encryption check

100%

100%

Req 8 MFA check

100%

100%

Req 10 CloudTrail check

100%

100%

PCI requirement references

100%

100%

Collects issues as list

100%

100%

Runnable as script

100%

100%

Without context: $0.3792 · 1m 32s · 18 turns · 23 in / 6,572 out tokens

With context: $0.3968 · 1m 10s · 19 turns · 430 in / 3,993 out tokens

100%

33%

Multi-Framework AWS Compliance Report Generator

Compliance report structure and file naming

Criteria
Without context
With context

generate_compliance_report function

0%

100%

Supports 'cis' framework

100%

100%

Supports 'pci' framework

100%

100%

Supports 'hipaa' framework

100%

100%

Report 'framework' key

62%

100%

Report 'generated' key

50%

100%

Report 'checks' key

100%

100%

Summary 'total' key

40%

100%

Summary 'passed' key

100%

100%

Summary 'failed' key

100%

100%

Summary 'score' key

40%

100%

File naming convention

16%

100%

CLI framework argument

100%

100%

Without context: $0.3220 · 1m 32s · 13 turns · 20 in / 6,162 out tokens

With context: $0.9142 · 3m 16s · 24 turns · 30 in / 15,304 out tokens

Repository
boisenoise/skills-collections
Commit

5c5ae21

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

CIS Benchmark CloudWatch Monitoring AuditPCI-DSS AWS Infrastructure Compliance AssessmentMulti-Framework AWS Compliance Report Generator

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill