aws-iam-best-practices

IAM policy review, hardening, and least privilege implementation

Quality: 54. Does it follow best practices?

Impact: No eval scenarios have been run

Security by Snyk: Passed. No known issues

Quality

Content: 65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with executable code and complete templates, but it is verbose and redundant, lacks a sequenced workflow with validation checkpoints for destructive operations, and is a monolithic single file instead of using progressive disclosure.

Suggestions

Remove redundancy: pick either the bash or python hardening checks and consolidate the overlapping Core Principles, Best Practices, and Hardening Checklist sections.

Add explicit validation steps to destructive operations (e.g. verify the new access key works before deactivating/deleting the old one) and present hardening as a sequenced workflow.

Move the policy templates and the hardening script into separate bundle files referenced one level deep from SKILL.md to apply progressive disclosure.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Most content is actionable rather than fluff, but the body is large and redundant — bash and python blocks duplicate the same checks, and the Core Principles, Best Practices, and Hardening Checklist sections overlap — while the Core Principles section explains basic IAM concepts Claude already knows; it also embeds a time-based policy with hard-coded 2026 dates outside any deprecated section. | 2 / 3 |
| Actionability | Provides fully executable bash commands, a runnable boto3 hardening script, and complete copy-paste JSON policy templates with specific resources and conditions. | 3 / 3 |
| Workflow Clarity | Content is organized as a catalog of checks and templates rather than a sequenced workflow, and the destructive access-key rotation/deactivation steps lack explicit validation checkpoints, so per the guidelines workflow clarity is capped at 2. | 2 / 3 |
| Progressive Disclosure | The skill is well-organized into clear sections but is monolithic at ~400 lines with no bundle files; the python script and policy templates are inline content that could be split into separate referenced files rather than signaled one-level-deep references. | 2 / 3 |

Total: 9 / 12 (Passed)

Description: 57%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is third-person and clearly scoped to AWS IAM, but it only covers the "what" without an explicit "Use when" trigger and uses somewhat abstract action terms. It is solid but not exemplary.

Suggestions

Add an explicit trigger clause, e.g. "Use when reviewing IAM policies, implementing least privilege, or hardening AWS account security".

Make actions more concrete (e.g. "find overly permissive policies, enforce MFA, rotate access keys") instead of the generic "hardening".

Broaden trigger-term coverage to include natural phrasings like MFA, access keys, permissions, and IAM roles.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Names the domain ("IAM policy") and a few actions ("review", "hardening", "least privilege implementation"), but these are relatively high-level and "hardening" is buzzword-ish rather than the concrete multiple actions the level-3 anchor requires. | 2 / 3 |
| Completeness | It clearly states what the skill does but has no "Use when..." or equivalent trigger clause, so per the guidelines completeness is capped at 2 with the "when" only implied. | 2 / 3 |
| Trigger Term Quality | Contains relevant natural terms a user might say ("IAM policy review", "hardening", "least privilege"), but coverage is limited and omits common variations like MFA, access keys, permissions, or roles that the level-3 anchor expects. | 2 / 3 |
| Distinctiveness Conflict Risk | The AWS IAM niche is specific and distinguishable from other skills, with triggers unlikely to fire for unrelated skills. | 3 / 3 |

Total: 9 / 12 (Passed)

Validation: 93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 15 / 16 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 15 / 16 (Passed)

Repository
boisenoise/skills-collections
Reviewed
