aws-penetration-testing
Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.
62
73%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-penetration-testing/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity and domain-relevant trigger terms that security professionals would naturally use. Its main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill. The description is well-scoped to a clear niche, making it highly distinguishable from other skills.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about AWS penetration testing, cloud security assessments, red teaming AWS infrastructure, or exploiting AWS services like IAM, S3, or Lambda.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques. These are well-defined, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers 'what does this do' with specific techniques, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied through the domain context of penetration testing and red team operations. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'penetration testing', 'AWS', 'IAM', 'privilege escalation', 'SSRF', 'S3 bucket', 'Lambda', 'red team'. These cover the domain well and match how security professionals naturally describe these tasks. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: AWS-specific penetration testing and red team operations. The combination of cloud security, specific AWS services (IAM, S3, Lambda), and offensive security techniques makes it very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive AWS penetration testing skill with strong actionability—nearly every technique includes executable commands and concrete examples. However, it suffers from being overly long for a single SKILL.md without adequate progressive disclosure, and critically lacks validation/verification steps in its workflows for operations that are destructive or security-sensitive. Some minor verbosity could be trimmed where Claude's existing AWS knowledge is assumed.
Suggestions
Add explicit validation checkpoints after key operations (e.g., 'Verify policy attachment: aws iam list-attached-user-policies --user-name my_username' after privilege escalation steps) to create feedback loops for error recovery.
Split detailed exploitation sections (S3, EC2, Lambda, SSM) into separate reference files and keep SKILL.md as a concise overview with links, improving progressive disclosure and reducing the monolithic length.
Remove contextual framing sentences that Claude doesn't need (e.g., 'Systems Manager allows command execution on EC2 instances', the redundant Purpose section, and the boilerplate 'When to Use' section).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably efficient with tables and code blocks, but includes some unnecessary explanations (e.g., 'Systems Manager allows command execution on EC2 instances', the Purpose section restating the description, the 'When to Use' boilerplate). The Shadow Admin permissions table and Quick Reference table add value, but overall it could be tightened—Claude already understands AWS concepts and doesn't need contextual framing. | 2 / 3 |
Actionability | Nearly all guidance is concrete with executable bash commands and Python code. Commands include specific flags, placeholder values are clearly marked, and the workflow progresses from enumeration through exploitation with copy-paste ready examples. The Lambda privilege escalation includes both the Python payload and the deployment command. | 3 / 3 |
Workflow Clarity | The core workflow has numbered steps (1-3) for initial phases, but lacks validation checkpoints and feedback loops. For destructive/risky operations like disabling CloudTrail, mounting EBS volumes, or privilege escalation, there are no verification steps (e.g., 'confirm the policy attached successfully' or 'validate credentials work before proceeding'). The Constraints section mentions documentation but doesn't integrate verification into the workflow itself. | 2 / 3 |
Progressive Disclosure | The skill references 'references/advanced-aws-pentesting.md' for advanced topics, which is good progressive disclosure structure. However, no bundle files are provided, so that reference is unverifiable. The main file itself is quite long (~300+ lines) with several sections that could be split into separate reference files (S3 exploitation, EC2 exploitation, covering tracks) to keep the SKILL.md as a leaner overview. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- boisenoise/skills-collections
- Commit
8ac11ab
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.