
aws-compliance-checker

Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks

46

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues


Quality

Content

50%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is rich with concrete, executable AWS CLI checks across four frameworks, but it is a monolithic inline dump with incomplete stub sections, no sequenced validation workflow, and no progressive disclosure into reference files. It is functional but not token-efficient or well-structured.

Suggestions

Move the large CIS/PCI/HIPAA scripts into a scripts/ directory and keep SKILL.md as an overview that points to them, restoring progressive disclosure and conciseness.

Complete the stubbed run_cis_checks/run_pci_checks/run_hipaa_checks functions and the commented-out PCI Requirements 2 and 4 so all code is executable end-to-end.

Add an explicit run-and-validate workflow (e.g., run checks -> collect findings -> re-verify failures -> emit report) with checkpoints for these batch compliance operations.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | There is no concept-explainer fluff, but roughly 400 lines of inline bash/python code belong in scripts/ or reference files rather than SKILL.md, matching anchor 2 ('could be tightened') rather than the lean anchor 3. | 2 / 3 |
| Actionability | Most CIS/HIPAA blocks are copy-paste-ready AWS CLI, but PCI Requirement 2 and 4 are bare comments and the run_cis_checks/run_pci_checks/run_hipaa_checks functions are stubs returning [], so key details are incomplete (anchor 2). | 2 / 3 |
| Workflow Clarity | Checks are organized by framework and include inline pass/fail markers, but there is no sequenced multi-step workflow with explicit validation checkpoints or feedback loops for these batch operations, matching anchor 2. | 2 / 3 |
| Progressive Disclosure | No bundle files exist and all content is inline; sections are clear but content that should be split into separate reference files is not, matching anchor 2 rather than the well-signaled one-level-deep anchor 3. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Description

50%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description names the compliance domain and four specific benchmarks, giving it reasonable specificity, but it omits the AWS scope and any explicit 'use when' trigger. It answers 'what' but not 'when', and risks overlapping with non-AWS compliance skills.

Suggestions

Add an explicit 'Use when...' trigger clause (e.g., 'Use when auditing an AWS account against CIS, PCI-DSS, HIPAA, or SOC 2 benchmarks').

Include the cloud scope explicitly ('AWS compliance checking...') so it does not conflict with non-AWS compliance skills.

Add a second concrete action verb (e.g., 'validate and report on compliance') to broaden the action set beyond the single verb 'checking'.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain and four concrete benchmarks ('CIS, PCI-DSS, HIPAA, and SOC 2') but offers only one action ('compliance checking') rather than a list of multiple specific actions, matching anchor 2 rather than 3. | 2 / 3 |
| Completeness | It clearly states what the skill does but includes no 'Use when...' or equivalent trigger clause; per guidelines a missing explicit trigger caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | The framework names are natural user terms, but the description omits 'AWS' (the skill is AWS-only) and 'audit', so coverage of common variations is incomplete, matching anchor 2. | 2 / 3 |
| Distinctiveness Conflict Risk | The benchmark names carve a niche, but because 'AWS' is absent the description could still overlap with non-cloud or other-cloud compliance skills, matching anchor 2. | 2 / 3 |
| Total | | 8 / 12 |

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 14 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (522 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 14 / 16 |

Passed

Repository
boisenoise/skills-collections
Reviewed
