aws-compliance-checker
Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks
40
27%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-compliance-checker/SKILL.mdQuality
Discovery
40%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear domain niche with specific compliance frameworks, giving it good distinctiveness. However, it lacks a 'Use when...' clause entirely and doesn't describe concrete actions beyond generic 'checking,' making it insufficient for Claude to reliably select this skill in a large skill library.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about security compliance, regulatory audits, benchmark assessments, or mentions CIS, PCI-DSS, HIPAA, or SOC 2.'
List specific concrete actions such as 'Scans infrastructure configurations, generates compliance reports, identifies policy violations, and recommends remediation steps.'
Include additional natural trigger terms users might say, such as 'security audit', 'compliance scan', 'regulatory check', 'hardening', or 'security posture'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (compliance checking) and lists specific frameworks (CIS, PCI-DSS, HIPAA, SOC 2), but doesn't describe concrete actions beyond 'checking' — e.g., what does it produce? Reports, remediation steps, configuration audits? | 2 / 3 |
Completeness | Describes what it does (compliance checking against benchmarks) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, missing 'Use when' caps completeness at 2, and the 'what' is also thin, warranting a 1. | 1 / 3 |
Trigger Term Quality | Includes good framework-specific keywords (CIS, PCI-DSS, HIPAA, SOC 2) that users would naturally mention, but misses common variations like 'security audit', 'compliance scan', 'benchmark', 'hardening', or 'regulatory compliance'. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'compliance checking' with specific named benchmarks (CIS, PCI-DSS, HIPAA, SOC 2) creates a clear niche that is unlikely to conflict with other skills. | 3 / 3 |
Total | 8 / 12 Passed |
Implementation
14%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a massive monolithic dump of compliance checking scripts with no clear workflow, poor organization, and significant verbosity. While some bash scripts are executable, key sections (SOC 2, parts of PCI-DSS, the reporting framework) are stubs or missing entirely. The content would benefit enormously from being restructured into a concise overview with references to separate framework-specific files, and adding a clear end-to-end workflow with validation steps.
Suggestions
Restructure into a concise SKILL.md overview (under 80 lines) with references to separate files like CIS_CHECKS.md, PCI_CHECKS.md, HIPAA_CHECKS.md for the detailed scripts
Add a clear end-to-end workflow: prerequisites (AWS credentials, permissions needed) → select framework → run checks → review results → remediate → re-validate
Remove the 'Supported Frameworks' category listings (Claude knows what PCI-DSS and HIPAA cover) and the empty stub functions in compliance-report.py
Either implement SOC 2 checks or remove it from the supported frameworks list; incomplete stubs reduce trust in the skill's actionability
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose at ~400+ lines. Lists every CIS check category, includes massive bash scripts inline, explains framework categories Claude already knows (what PCI-DSS covers, what HIPAA sections mean), and the compliance-report.py has stub functions that return empty lists. The 'Supported Frameworks' section is pure padding listing well-known framework categories. | 1 / 3 |
Actionability | The bash scripts for CIS checks are mostly executable and concrete, but the PCI-DSS Python checker has incomplete stubs (Requirements 2, 4 are comments only), the compliance-report.py has empty check functions returning [], and SOC 2 has no implementation at all despite being listed as supported. Mixed quality between real code and placeholder code. | 2 / 3 |
Workflow Clarity | There is no clear workflow for how to actually run a compliance check end-to-end. Scripts are presented as standalone files with no sequencing, no validation checkpoints, no guidance on what to do when checks fail, and no error handling for missing AWS credentials or permissions. For a skill involving security auditing, the lack of any verification or remediation workflow is a significant gap. | 1 / 3 |
Progressive Disclosure | All content is dumped into a single monolithic file with hundreds of lines of inline bash and Python scripts. The CIS checks alone could be split into separate reference files. There are no internal cross-references to separate files for detailed checks; everything is inline creating a wall of code. | 1 / 3 |
Total | 5 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (522 lines); consider splitting into references/ and linking | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
431bfad
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.