IAM policy review, hardening, and least privilege implementation
49
37%
Does it follow best practices?
Impact: Pending (No eval scenarios have been run)
Passed: No known issues
Quality

Discovery (32%)

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear domain (IAM policy) and lists three related activities, but it reads more like a topic label than a functional skill description. It lacks a 'Use when...' clause, misses common user-facing trigger terms (e.g., 'permissions', 'access control', 'AWS'), and doesn't enumerate specific concrete actions in enough detail to reliably distinguish it from adjacent security skills.
Suggestions

- Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about IAM policies, AWS permissions, role access, overprivileged accounts, or security hardening.'
- Include natural trigger term variations users would say, such as 'permissions', 'access control', 'AWS IAM', 'role policies', 'security audit', and 'overprivileged'.
- Expand the capability list with more concrete actions, e.g., 'Audits existing IAM roles for unused permissions, generates least-privilege policy documents, identifies overprivileged accounts, and recommends policy scoping improvements.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (IAM policy) and some actions (review, hardening, least privilege implementation), but doesn't list multiple concrete granular actions like 'audit role permissions, remove unused policies, generate scoped policy documents'. | 2 / 3 |
| Completeness | Describes what the skill does (IAM policy review, hardening, least privilege implementation) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1. | 1 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'IAM policy', 'least privilege', and 'hardening' that users familiar with AWS/cloud security would use, but misses common variations like 'permissions', 'access control', 'AWS IAM', 'role policy', 'security audit', or 'overprivileged'. | 2 / 3 |
| Distinctiveness / Conflict Risk | IAM policy is a fairly specific domain that narrows the scope, but without explicit triggers it could overlap with general cloud security, AWS configuration, or broader security review skills. | 2 / 3 |
| Total | | 7 / 12 (Passed) |
Implementation (42%)

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill excels in actionability with executable bash commands, Python scripts, and ready-to-use IAM policy templates. However, it is significantly bloated with redundant explanations of concepts Claude already knows (IAM principles, MFA, least privilege), and all content is crammed into a single monolithic file rather than being appropriately split. The lack of a clear end-to-end workflow with validation checkpoints for potentially destructive IAM operations is a notable gap.
Suggestions

- Remove the 'Core Principles', 'When to Use', 'Example Prompts', and generic 'Best Practices' sections: Claude already knows IAM fundamentals and these waste tokens.
- Split the content: move policy templates to POLICY_TEMPLATES.md, the Python hardening script to iam-hardening.py, and bash audit commands to IAM_AUDIT.md, with clear one-level references from the main skill.
- Add an explicit sequenced workflow for IAM hardening (e.g., 1. Run audit → 2. Review findings → 3. Apply fixes → 4. Validate changes → 5. Monitor) with validation checkpoints between steps.
- Add validation/rollback guidance for destructive operations like key rotation and user removal (e.g., 'Verify new key works before deactivating old key; if services fail, reactivate with...').
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines. It explains basic IAM concepts Claude already knows (what least privilege means, what MFA is, what defense in depth is), includes a 'When to Use' section that restates the description, lists 'Example Prompts' and 'Best Practices' bullet points that are common knowledge, and has a 'Kiro CLI Integration' section of questionable value. The core principles section is entirely redundant for Claude. | 1 / 3 |
| Actionability | The skill provides fully executable bash scripts and Python code for IAM auditing, complete JSON policy templates that are copy-paste ready, and specific AWS CLI commands with proper query syntax. The code examples are concrete, complete, and immediately usable. | 3 / 3 |
| Workflow Clarity | While the skill provides a hardening checklist and individual scripts, there's no clear sequenced workflow tying the steps together. The access key rotation section hints at a workflow (create new → update apps → delete old → deactivate) but lacks explicit validation checkpoints. For destructive operations like deleting access keys or deactivating users, there are no feedback loops or rollback guidance. | 2 / 3 |
| Progressive Disclosure | This is a monolithic wall of content with everything inline: bash scripts, Python scripts, JSON policy templates, checklists, best practices, and resources all in one file. The policy templates, the Python hardening script, and the bash audit commands could each be separate referenced files. There are no references to external skill files for deeper content. | 1 / 3 |
| Total | | 7 / 12 (Passed) |
Validation (90%)

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 Passed |
431bfad