
aws-iam-best-practices

IAM policy review, hardening, and least privilege implementation

39

Quality: 37% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security (by Snyk): Passed, no known issues


Quality

Discovery: 32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies a clear domain (IAM policy) with some relevant actions but lacks a 'Use when...' clause, reducing its effectiveness for skill selection. It would benefit from explicit trigger terms, platform specificity, and natural language keywords users would actually say when needing this skill.

Suggestions

Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks about IAM policies, AWS permissions, role access, security hardening, or least privilege.'

Include platform-specific terms and common user variations like 'AWS IAM', 'permissions', 'access control', 'role policies', 'security audit', '.json policy files'.

Expand the concrete actions listed, e.g., 'Audits IAM role permissions, removes overly broad policies, generates least-privilege scoped policies, and identifies unused access grants.'

Dimension scores:

Specificity (2 / 3): Names the domain (IAM policy) and some actions (review, hardening, least privilege implementation), but doesn't list multiple concrete granular actions like 'audit role permissions, remove unused policies, generate scoped policy documents'.

Completeness (1 / 3): Describes what the skill does but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1.

Trigger Term Quality (2 / 3): Includes relevant keywords like 'IAM policy', 'least privilege', and 'hardening', but misses common user variations such as 'AWS IAM', 'permissions', 'access control', 'security policy', 'role permissions', or 'policy audit'.

Distinctiveness Conflict Risk (2 / 3): IAM policy is a reasonably specific domain, but without specifying the platform (AWS, GCP, Azure) or explicit triggers, it could overlap with general security review or cloud configuration skills.

Total: 7 / 12 (Passed)

Implementation: 42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides genuinely useful, executable AWS CLI commands, Python scripts, and IAM policy templates for security hardening. However, it is significantly bloated with redundant explanations of concepts Claude already knows, lacks a clear sequenced workflow with validation checkpoints, and dumps everything into a single monolithic file rather than using progressive disclosure to separate templates, scripts, and reference material.

Suggestions

Reduce content by 50%+: remove the 'Core Principles' conceptual section, 'When to Use', 'Example Prompts', 'Best Practices' recap, and 'Additional Resources' — Claude already knows IAM fundamentals and these sections duplicate each other.

Extract the JSON policy templates into a separate POLICY_TEMPLATES.md file and the Python hardening script into a separate script file, referencing them from the main SKILL.md overview.

Add a clear sequenced workflow: e.g., '1. Run audit script → 2. Review findings → 3. Apply fixes → 4. Re-run audit to verify → 5. Document changes' with explicit validation gates between steps.

Remove the 'Kiro CLI Integration' section which appears to be boilerplate and adds no IAM-specific value.

Dimension scores:

Conciseness (1 / 3): The skill is extremely verbose at ~300+ lines. It explains basic IAM concepts Claude already knows (what least privilege means, what MFA is, what defense in depth is), includes a 'When to Use' section that's redundant, lists 'Example Prompts' and 'Additional Resources' that add no instructional value, and repeats similar patterns (bash loops for policy scanning) multiple times. The 'Best Practices' bullet list at the end largely restates the 'Core Principles' section.

Actionability (3 / 3): The skill provides fully executable bash commands and Python scripts for IAM auditing, concrete JSON policy templates that are copy-paste ready, and specific AWS CLI commands with proper query syntax. The code examples are complete and runnable.

Workflow Clarity (2 / 3): The skill presents individual checks and scripts but lacks a clear sequenced workflow for an IAM review process. There are no explicit validation checkpoints or feedback loops — for example, after finding overpermissive policies, there's no guided remediation-then-verify sequence. The access key rotation section hints at a workflow (create new, update apps, delete old) but doesn't enforce verification steps.

Progressive Disclosure (1 / 3): The content is a monolithic wall of text with everything inline — bash scripts, Python scripts, JSON templates, checklists, and principles all in one file. There are no bundle files to offload the policy templates, the Python hardening script, or the detailed CLI commands into separate referenced files. The 'Additional Resources' section links to external AWS docs but doesn't organize the skill's own content across files.

Total: 7 / 12 (Passed)

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 passed

Validation for skill structure:

frontmatter_unknown_keys: Unknown frontmatter key(s) found; consider removing or moving to metadata (Warning)

Total: 10 / 11 (Passed)

Repository: boisenoise/skills-collections (Reviewed)