CtrlK
BlogDocsLog inGet started
Tessl Logo

aws-security-audit

Comprehensive AWS security posture assessment using AWS CLI and security best practices

70

1.12x
Quality

Does it follow best practices?

Impact

82%

1.12x

Average score across 3 eval scenarios

SecuritybySnyk

Passed

No known issues

SKILL.md
Quality
Evals
Security

Quality

Content

65%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable with ready-to-run AWS CLI commands, but it is verbose and monolithic, repeating checks in a redundant script and lacking an explicit sequenced workflow with validation checkpoints. Splitting the scripts into bundle files and removing duplication would improve it.

Suggestions

Move the comprehensive-security-audit.sh and security-score.py scripts into a ./scripts/ bundle and reference them, removing the duplicated inline copies.

Add an explicit sequenced audit workflow with verification checkpoints (e.g., verify credentials/permissions, run each category, validate findings before remediation).

Trim generic sections ('Best Practices', 'Example Prompts') that restate what Claude already knows about running security audits.

DimensionReasoningScore

Conciseness

Mostly efficient concrete commands, but the 'Automated Security Audit Script' duplicates the per-category checks already shown and the generic 'Best Practices'/'Example Prompts' sections add padding.

2 / 3

Actionability

Extensive copy-paste-ready AWS CLI commands with real --query filters and a working Python scoring script provide fully executable, specific guidance.

3 / 3

Workflow Clarity

Content is organized by audit category rather than as a sequenced workflow, with no explicit validation/verification checkpoints or feedback loops for the audit-to-remediation process.

2 / 3

Progressive Disclosure

No bundle files exist and the full audit script and Python scorer are inlined in a ~370-line monolith; content that should be split into separate files is inline, though sections are well labeled.

2 / 3

Total

9

/

12

Passed

Description

57%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description clearly identifies the AWS security audit niche and is distinct, but it names only one action and lacks an explicit 'Use when' trigger clause. Adding concrete action verbs and a trigger clause would raise specificity and completeness.

Suggestions

List multiple concrete actions (e.g., 'identify misconfigured IAM policies, open security groups, unencrypted resources') instead of the single verb 'assessment'.

Add a 'Use when...' trigger clause (e.g., 'Use when auditing AWS security posture, preparing for compliance, or investigating misconfigurations').

Include common user phrasings like 'security audit', 'compliance check', or 'find misconfigurations' as natural trigger terms.

DimensionReasoningScore

Specificity

Names the domain ('AWS security posture') and a concrete action ('assessment') with tools ('AWS CLI'), but lists only one action verb rather than multiple specific concrete actions.

2 / 3

Completeness

States what the skill does but has no 'Use when...' clause or equivalent explicit trigger guidance, which caps completeness at 2.

2 / 3

Trigger Term Quality

Contains natural user terms ('AWS', 'security', 'audit', 'posture assessment') but misses common variations and lacks explicit trigger phrasings.

2 / 3

Distinctiveness Conflict Risk

The AWS-security-specific scope is a clear niche with distinct triggers, making it unlikely to fire for unrelated skills.

3 / 3

Total

9

/

12

Passed

Validation

93%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation15 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

15

/

16

Passed

Repository
boisenoise/skills-collections
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.