aws-compliance-checker

Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks

Quality

27%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/antigravity-aws-compliance-checker/SKILL.md

Quality

Content

14%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is a massive wall of inline scripts with poor organization and incomplete implementations. While some CIS and PCI-DSS checks contain real, executable AWS CLI commands, the overall skill suffers from extreme verbosity, missing workflow guidance, incomplete framework coverage (SOC 2 has zero implementation), and stub functions that add no value. The content would benefit enormously from being split into separate files per framework with a concise overview in SKILL.md.

Suggestions

Extract each framework's scripts (CIS, PCI-DSS, HIPAA) into separate bundle files (e.g., cis-checks.sh, pci-checker.py) and reference them from a concise SKILL.md overview

Add a clear workflow section with prerequisites (required IAM permissions, credential report generation), execution order, and validation steps for interpreting and acting on results

Remove the framework sub-category listings (Claude knows what PCI-DSS covers), the generic best practices, and the stub functions that return empty lists

Either implement SOC 2 checks or remove it from the supported frameworks list, and complete the placeholder comments in PCI-DSS (Requirements 2, 4)

Dimension	Reasoning	Score
Conciseness	Extremely verbose at ~400+ lines. Lists every compliance framework's sub-categories (which Claude already knows), includes massive bash scripts that are largely repetitive, explains what PCI-DSS and HIPAA stand for, and includes boilerplate sections like 'When to Use', 'Example Prompts', and 'Best Practices' with generic advice. The compliance-report.py has stub functions (run_cis_checks returning empty lists) adding no value.	1 / 3
Actionability	The CIS bash scripts and PCI-DSS Python checker contain real, executable AWS CLI commands and boto3 code that could be run. However, the compliance-report.py is incomplete with empty stub functions, SOC 2 has no implementation at all despite being listed, and several PCI-DSS requirements are left as comments ('Check for default passwords, etc.'). The scripts are partially actionable but incomplete.	2 / 3
Workflow Clarity	There is no clear workflow for how to actually use these scripts together. No sequencing of steps, no validation checkpoints, no guidance on prerequisites (e.g., IAM permissions needed, credential report generation), no error handling guidance, and no feedback loops. The scripts are presented as standalone fragments without integration into a coherent compliance-checking workflow.	1 / 3
Progressive Disclosure	All content is dumped into a single monolithic file with hundreds of lines of inline bash and Python scripts. There are no bundle files to offload the individual framework scripts to. The 'Additional Resources' section links to external sites but doesn't organize the skill's own content. Each framework's checks should be in separate referenced files.	1 / 3
	Total	5 / 12 Passed

Description

40%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies a clear niche in compliance checking with specific benchmark frameworks, giving it good distinctiveness. However, it lacks a 'Use when...' clause entirely and doesn't describe concrete actions beyond generic 'checking', making it insufficient for Claude to reliably select this skill in the right contexts.

Suggestions

Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about security compliance, audit readiness, regulatory benchmarks, or mentions CIS, PCI-DSS, HIPAA, or SOC 2.'

List specific concrete actions such as 'Scans infrastructure configurations, generates compliance reports, identifies policy violations, and recommends remediation steps.'

Include additional natural trigger terms like 'security audit', 'compliance scan', 'regulatory requirements', 'benchmark assessment', and 'security posture review'.

Dimension	Reasoning	Score
Specificity	Names the domain (compliance checking) and lists specific frameworks (CIS, PCI-DSS, HIPAA, SOC 2), but doesn't describe concrete actions beyond 'checking' — e.g., what does it produce? Reports, remediation steps, gap analysis?	2 / 3
Completeness	Describes what it does (compliance checking against benchmarks) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, missing 'Use when' caps completeness at 2, and the 'what' is also thin, warranting a 1.	1 / 3
Trigger Term Quality	Includes good framework-specific keywords (CIS, PCI-DSS, HIPAA, SOC 2) that users would naturally mention, but misses common variations like 'security audit', 'compliance scan', 'benchmark assessment', 'regulatory compliance', or 'security posture'.	2 / 3
Distinctiveness Conflict Risk	The combination of 'compliance checking' with specific named benchmarks (CIS, PCI-DSS, HIPAA, SOC 2) creates a clear niche that is unlikely to conflict with other skills.	3 / 3
	Total	8 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
skill_md_line_count	SKILL.md is long (522 lines); consider splitting into references/ and linking	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Repository: boisenoise/skills-collections
Commit: 47e0c5a

Reviewed: 2 days ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.