Comprehensive AWS security posture assessment using AWS CLI and security best practices
18%: Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-security-audit/SKILL.md
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is too vague and high-level to effectively guide skill selection. It lacks concrete actions, specific AWS services or checks it performs, and has no explicit trigger guidance ('Use when...'). The buzzword 'comprehensive' adds no value and the description reads more like a marketing tagline than a functional skill description.
Suggestions
List specific concrete actions the skill performs, e.g., 'Audits IAM policies, checks S3 bucket permissions, reviews security group rules, evaluates CloudTrail logging configuration, and assesses encryption settings.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about AWS security audits, cloud compliance checks, IAM review, or wants to assess their AWS account security.'
Include specific AWS service names and file types as trigger terms (e.g., 'IAM', 'S3', 'CloudTrail', 'VPC', 'security groups', 'compliance') to improve discoverability and reduce conflict with generic security skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague language like 'comprehensive' and 'security posture assessment' without listing any concrete actions. It doesn't specify what it actually does (e.g., check IAM policies, audit S3 bucket permissions, review security groups). | 1 / 3 |
| Completeness | The 'what' is vaguely stated as 'security posture assessment' without specifics, and there is no 'when' clause or explicit trigger guidance at all. The missing 'Use when...' clause caps this at 2 per the rubric, but the weak 'what' brings it to 1. | 1 / 3 |
| Trigger Term Quality | It includes some relevant keywords like 'AWS', 'security', and 'AWS CLI' that users might naturally mention, but misses common variations like 'IAM', 'S3 permissions', 'security groups', 'compliance', 'audit', or specific AWS service names. | 2 / 3 |
| Distinctiveness Conflict Risk | The mention of 'AWS' and 'AWS CLI' provides some specificity to distinguish it from generic security skills, but 'security posture assessment' is broad enough to overlap with other AWS or cloud security-related skills. | 2 / 3 |
| Total | | 6 / 12 Passed |
Implementation
14%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill reads more like a reference dump than an actionable guide. While it provides many useful AWS CLI commands, the lack of a clear workflow, excessive verbosity, incomplete code (especially the Python scorer), and monolithic structure significantly reduce its effectiveness. The content would benefit greatly from being restructured into a concise overview with references to detailed sub-files, and from adding a clear step-by-step audit workflow with validation checkpoints.
Suggestions
Add a clear step-by-step audit workflow at the top (e.g., 1. Verify credentials/permissions, 2. Run IAM checks, 3. Review findings, 4. Run network checks, etc.) with explicit validation checkpoints like verifying AWS CLI access and checking that credential reports are generated before parsing them.
Split the content into separate files: keep SKILL.md as a concise overview with the workflow, and move detailed commands to IAM_CHECKS.md, NETWORK_CHECKS.md, DATA_CHECKS.md, LOGGING_CHECKS.md, and COMPLIANCE.md with clear one-level-deep references.
Remove or drastically condense the audit categories list (Claude knows what IAM, encryption, and logging concerns are), the compliance mapping section, the example prompts, and the generic best practices—these add bulk without actionable value.
Fix the Python security score calculator to be actually executable (implement credential report parsing, remove bare except, add proper error handling) or remove it entirely in favor of the more complete bash script.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines. It includes extensive lists of audit categories that merely name well-known security concerns (Claude already knows these), a compliance mapping section that's just bullet-point labels, generic best practices, example prompts, and a Python security score calculator with incomplete logic (bare except, placeholder comment). Much of this could be cut or condensed significantly. | 1 / 3 |
| Actionability | The bash commands are mostly executable and copy-paste ready, which is good. However, the Python security score calculator is incomplete (the credential report parsing is stubbed out with a comment and bare except), the 'find overly permissive policies' command only checks for a policy literally named 'AdministratorAccess' which is misleading, and the automated audit script hardcodes a trail name 'my-trail'. Several commands would fail or produce misleading results without modification. | 2 / 3 |
| Workflow Clarity | There is no clear sequenced workflow for conducting an audit. The content is organized as a reference catalog of individual commands grouped by category, but there's no guidance on order of operations, no validation checkpoints (e.g., verify AWS credentials/permissions first), no feedback loops for handling errors or failed checks, and no clear process for what to do with findings beyond a static priority list. | 1 / 3 |
| Progressive Disclosure | This is a monolithic wall of content with everything inlined—individual check commands, a full audit script, a Python scoring tool, compliance mappings, remediation priorities, best practices, and external links all in one file. The compliance mapping, remediation priorities, and the full scripts should be in separate referenced files. There's no clear overview-to-detail navigation structure. | 1 / 3 |
| Total | | 5 / 12 Passed |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |