Comprehensive AWS security posture assessment using AWS CLI and security best practices
43
18%
Does it follow best practices?
Impact
82%
1.12x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
`npx tessl skill review --optimize ./skills/antigravity-aws-security-audit/SKILL.md`
Quality
Discovery
22%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description is too vague and high-level, reading more like a tagline than a functional skill description. It lacks concrete actions, specific trigger terms, and any explicit guidance on when Claude should select this skill. The use of buzzwords like 'comprehensive' and 'best practices' adds no discriminative value.
Suggestions
List specific concrete actions the skill performs, e.g., 'Audits IAM policies, reviews security group rules, checks S3 bucket permissions, evaluates CloudTrail logging configuration, and assesses encryption settings.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about AWS security audits, cloud security review, IAM permissions check, compliance assessment, or hardening AWS infrastructure.'
Include specific AWS service names and file types/tools to improve trigger term coverage, e.g., 'IAM, S3, EC2 security groups, CloudTrail, GuardDuty, AWS Config'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description uses vague language like 'comprehensive' and 'security posture assessment' without listing any concrete actions. It doesn't specify what assessments are performed (e.g., checking IAM policies, reviewing security groups, auditing S3 bucket permissions). | 1 / 3 |
| Completeness | The description weakly addresses 'what' (security posture assessment) but provides no 'when' clause or explicit trigger guidance. There is no 'Use when...' or equivalent statement to guide Claude on when to select this skill. | 1 / 3 |
| Trigger Term Quality | It includes some relevant keywords like 'AWS', 'security', and 'AWS CLI' that users might naturally mention, but misses common variations and specific terms like 'IAM', 'security groups', 'S3 permissions', 'compliance', 'audit', or 'vulnerability'. | 2 / 3 |
| Distinctiveness Conflict Risk | While 'AWS security' narrows the domain somewhat, the description is broad enough to overlap with any AWS-related skill or general security auditing skill. It doesn't carve out a clear niche with distinct triggers. | 2 / 3 |
| Total | 6 / 12 Passed | |
Implementation
14%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a broad collection of AWS security audit commands but suffers from being a monolithic, verbose reference document rather than a focused, actionable skill. It lacks a clear workflow sequence, validation checkpoints, and proper content organization. The compliance mapping, remediation priorities, and detailed command references should be split into separate files, with the main skill providing a concise audit workflow with explicit steps and verification points.
Suggestions
Create a clear step-by-step audit workflow (e.g., 1. Verify prerequisites/permissions, 2. Run IAM checks, 3. Review findings, 4. Run network checks, etc.) with explicit validation checkpoints after each phase.
Move the detailed command references, compliance mapping, and remediation priorities into separate bundle files (e.g., IAM_CHECKS.md, NETWORK_CHECKS.md, COMPLIANCE.md) and reference them from a concise overview.
Remove the audit categories listing section entirely—it duplicates what the actual commands section already covers and adds no actionable value.
Fix the Python security score calculator to be fully executable (complete the credential report parsing, remove bare except blocks) or remove it in favor of the bash script approach.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~300+ lines. It includes extensive lists of audit categories that merely describe what to check (which Claude already knows), compliance mapping tables that are reference material better suited to separate files, generic best practices, example prompts, and a Python security score calculator with incomplete/placeholder logic. Much of this could be cut or externalized. | 1 / 3 |
| Actionability | The bash commands are mostly executable and copy-paste ready, which is good. However, the Python security score calculator has incomplete logic (the credential report parsing is stubbed out with a comment), bare `except: pass` blocks, and the automated audit script hardcodes a trail name ('my-trail'). The compliance mapping and remediation priorities sections are descriptive rather than actionable. | 2 / 3 |
| Workflow Clarity | There is no clear sequenced workflow for conducting an audit. The skill presents a flat collection of commands organized by category but lacks a step-by-step process: no guidance on prerequisites (credentials, permissions needed), no sequencing of which checks to run first, no validation checkpoints, and no feedback loop for handling errors or acting on findings. For a security audit involving potentially sensitive operations, this is a significant gap. | 1 / 3 |
| Progressive Disclosure | The entire skill is a monolithic wall of content with no bundle files to reference. The compliance mapping, remediation priorities, individual audit category commands, and the Python script should all be in separate referenced files. Everything is inlined into a single massive document with no clear navigation structure beyond flat headings. | 1 / 3 |
| Total | 5 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
8ac11ab