aws-compliance-checker
Automated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks
40
27%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-compliance-checker/SKILL.mdQuality
Discovery
40%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear niche in compliance checking with specific benchmark frameworks, which makes it distinctive. However, it lacks a 'Use when...' clause, doesn't enumerate concrete actions beyond generic 'checking', and misses common user-facing trigger terms like 'security audit' or 'compliance scan'. It reads more like a feature label than a skill description.
Suggestions
Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks about security compliance, regulatory audits, benchmark assessments, or hardening checks against CIS, PCI-DSS, HIPAA, or SOC 2 standards.'
Expand the concrete actions described, e.g., 'Scans infrastructure configurations, generates compliance reports, identifies policy violations, and recommends remediation steps.'
Include additional natural trigger terms users might say, such as 'security audit', 'compliance scan', 'regulatory check', 'benchmark assessment', or 'configuration hardening'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (compliance checking) and lists specific frameworks (CIS, PCI-DSS, HIPAA, SOC 2), but doesn't describe concrete actions beyond 'checking' — e.g., what does it produce? Reports, remediation steps, configuration audits? | 2 / 3 |
Completeness | Describes what it does (compliance checking against benchmarks) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, missing 'Use when' caps completeness at 2, and the 'what' is also thin, warranting a 1. | 1 / 3 |
Trigger Term Quality | Includes good framework-specific keywords (CIS, PCI-DSS, HIPAA, SOC 2) that users would naturally mention, but misses common variations like 'security audit', 'compliance scan', 'benchmark assessment', 'regulatory compliance', or 'hardening'. | 2 / 3 |
Distinctiveness Conflict Risk | The combination of 'compliance checking' with specific benchmark names (CIS, PCI-DSS, HIPAA, SOC 2) creates a clear niche that is unlikely to conflict with other skills. | 3 / 3 |
Total | 8 / 12 Passed |
Implementation
14%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is a verbose dump of compliance-checking scripts with no clear workflow, no progressive disclosure, and significant incomplete sections (SOC 2 entirely missing, stub functions in the reporting script). While some individual scripts contain real executable AWS CLI commands, the overall structure fails as a skill document—it reads more like a code repository without organization or guidance on how to actually conduct a compliance check end-to-end.
Suggestions
Extract the individual framework check scripts into separate referenced files (e.g., cis-checks.md, pci-checks.md) and keep SKILL.md as a concise overview with navigation links
Add a clear workflow section: 1) Choose framework, 2) Run checks, 3) Review findings, 4) Remediate issues, 5) Re-validate—with explicit validation checkpoints
Remove or fully implement stub sections: either complete the SOC 2 checks and compliance-report.py stub functions, or remove them entirely
Eliminate redundant content across frameworks (MFA checks, encryption checks) by creating shared utility functions referenced once
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose at ~400+ lines. The supported frameworks section lists obvious categories (e.g., 'Network security', 'Access controls') that add no value. The compliance-report.py has stub functions returning empty lists. SOC 2 is listed as supported but has zero implementation. Much content is redundant across frameworks (e.g., MFA checks appear in CIS, PCI, and HIPAA sections). | 1 / 3 |
Actionability | The CIS bash scripts and PCI-DSS Python checker contain real, mostly executable AWS CLI commands and boto3 code. However, the compliance-report.py has empty stub functions (run_cis_checks returns []), PCI-DSS checks have placeholder comments ('Check for default passwords, etc.'), and SOC 2 has no implementation at all despite being listed as supported. | 2 / 3 |
Workflow Clarity | There is no clear workflow for how to actually use these scripts together. No sequencing of steps, no validation checkpoints, no guidance on what to do when issues are found (remediation steps), and no feedback loops. The scripts are just dumped as standalone files with no integration guidance. | 1 / 3 |
Progressive Disclosure | Everything is inlined in one massive monolithic file. The CIS checks alone span hundreds of lines across IAM, Logging, Monitoring, and Networking sections. These should be split into separate reference files with the SKILL.md providing an overview and navigation. The 'Additional Resources' section at the end is minimal and doesn't reference any internal files. | 1 / 3 |
Total | 5 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
skill_md_line_count | SKILL.md is long (517 lines); consider splitting into references/ and linking | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
f1697b6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.