
aws-iam-best-practices

IAM policy review, hardening, and least privilege implementation

39

Quality

37%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Passed

No known issues


Quality

Content

42%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides genuinely useful, executable AWS CLI commands and Python scripts for IAM auditing, along with solid policy templates. However, it is far too verbose, explaining concepts Claude already knows and including sections like 'Core Principles' and 'Best Practices' that are common IAM knowledge. The content would benefit greatly from being split into referenced files and trimmed of explanatory padding.

Suggestions

Remove the 'Core Principles', 'When to Use', 'Example Prompts', 'Best Practices', 'Kiro CLI Integration', and 'Additional Resources' sections—these are either common knowledge for Claude or not actionable.

Extract policy templates into a separate POLICY_TEMPLATES.md file and the Python hardening script into a separate script file, keeping SKILL.md as a concise overview with references.

Add an explicit end-to-end workflow sequence for performing an IAM review (e.g., 1. Run audit scripts → 2. Review findings → 3. Apply fixes → 4. Validate changes → 5. Generate report) with validation checkpoints.

For the access key rotation section, add explicit validation steps (e.g., 'Verify new key works before deactivating old key') to prevent accidental lockouts.

Dimension / Reasoning / Score

Dimension: Conciseness
Reasoning: The skill is extremely verbose at ~300+ lines. It explains basic IAM concepts Claude already knows (what least privilege means, what MFA is, what defense in depth is), includes a 'When to Use' section that's redundant, lists 'Example Prompts' and 'Best Practices' bullet points that are common knowledge, and has a 'Kiro CLI Integration' section and 'Additional Resources' links that add little value. The core principles section is entirely unnecessary for Claude.
Score: 1 / 3

Dimension: Actionability
Reasoning: The skill provides fully executable bash scripts and Python code for IAM auditing, concrete JSON policy templates that are copy-paste ready, and specific AWS CLI commands with proper query syntax. The automated hardening script is complete and runnable.
Score: 3 / 3

Dimension: Workflow Clarity
Reasoning: While the skill provides a hardening checklist and individual scripts, there's no clear sequenced workflow for performing an IAM review end-to-end. The access key rotation section has a partial workflow (create new → update apps → deactivate old → delete) but lacks explicit validation checkpoints. For destructive operations like key rotation, there should be clearer verify-before-proceeding steps.
Score: 2 / 3

Dimension: Progressive Disclosure
Reasoning: This is a monolithic wall of content with no bundle files to reference. Everything—audit scripts, policy templates, Python automation, checklists—is crammed into a single file. The policy templates and the Python hardening script should be in separate referenced files, with SKILL.md serving as an overview with pointers.
Score: 1 / 3

Total: 7 / 12

Passed

Description

32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description identifies a clear domain (IAM policy) with some relevant actions but lacks a 'Use when...' clause, reducing its effectiveness for skill selection. It would benefit from explicit trigger terms, platform specificity, and guidance on when Claude should choose this skill over other security-related skills.

Suggestions

Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks about IAM policies, role permissions, access control review, or least privilege enforcement.'

Include common user-facing keywords and platform context, e.g., 'AWS IAM', 'permissions', 'access control', 'security policies', 'role policies', '.json policy files'.

List more specific concrete actions, e.g., 'Audits IAM role permissions, identifies overly permissive policies, generates least-privilege policy documents, and recommends policy hardening changes.'

Dimension / Reasoning / Score

Dimension: Specificity
Reasoning: Names the domain (IAM policy) and some actions (review, hardening, least privilege implementation), but doesn't list multiple concrete granular actions like 'audit role permissions, remove unused policies, generate scoped policy documents'.
Score: 2 / 3

Dimension: Completeness
Reasoning: Describes what the skill does but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and since the 'what' is also only moderately detailed, this scores a 1.
Score: 1 / 3

Dimension: Trigger Term Quality
Reasoning: Includes relevant keywords like 'IAM policy', 'least privilege', and 'hardening', but misses common user variations such as 'AWS IAM', 'permissions', 'access control', 'security policy', 'role permissions', or 'policy audit'.
Score: 2 / 3

Dimension: Distinctiveness / Conflict Risk
Reasoning: IAM policy is a reasonably specific domain, but without specifying the platform (AWS, GCP, Azure) or explicit triggers, it could overlap with general security review or cloud configuration skills.
Score: 2 / 3

Total: 7 / 12

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

Criteria / Description / Result

Criteria: frontmatter_unknown_keys
Description: Unknown frontmatter key(s) found; consider removing or moving to metadata
Result: Warning

Total: 10 / 11

Passed

Repository
boisenoise/skills-collections