
aws-security-audit

Comprehensive AWS security posture assessment using AWS CLI and security best practices

Quality: 18% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery: 22%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is too high-level and reads more like a tagline than a functional skill description. It lacks concrete actions (e.g., checking IAM policies, auditing S3 buckets, reviewing security groups) and completely omits explicit trigger guidance for when Claude should select this skill. The buzzword 'comprehensive' adds no value.

Suggestions

Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks about AWS security audits, IAM policy reviews, S3 bucket permissions, security group configurations, or compliance checks.'

Replace 'comprehensive security posture assessment' with specific concrete actions, e.g., 'Audits IAM policies, reviews S3 bucket permissions, checks security group rules, evaluates CloudTrail logging, and identifies overly permissive access configurations.'

Include natural trigger terms users would say, such as 'security audit', 'IAM review', 'S3 permissions', 'security groups', 'compliance', 'access control', and specific AWS service names.

Dimension / Reasoning / Score

Specificity (1 / 3): The description uses vague language like 'comprehensive' and 'security posture assessment' without listing any concrete actions. It doesn't specify what checks are performed, what outputs are generated, or what specific AWS services are evaluated.

Completeness (1 / 3): The description weakly addresses 'what' (security posture assessment) but completely lacks a 'when' clause or any explicit trigger guidance. There is no 'Use when...' or equivalent statement to guide skill selection.

Trigger Term Quality (2 / 3): It includes some relevant keywords like 'AWS', 'security', 'AWS CLI', and 'security best practices' that users might naturally mention. However, it misses common variations like 'IAM', 'S3 bucket permissions', 'security audit', 'compliance check', 'vulnerability scan', or specific AWS service names.

Distinctiveness Conflict Risk (2 / 3): The mention of 'AWS' and 'security posture assessment' provides some specificity, but 'security best practices' is broad enough to overlap with general security skills, compliance skills, or other AWS-related skills.

Total: 6 / 12 (Passed)

Implementation: 14%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides a useful collection of AWS CLI security audit commands but suffers from significant verbosity, lack of workflow structure, and monolithic organization. Much of the content (audit categories lists, compliance mappings, best practices, example prompts) is generic security knowledge that Claude already possesses and wastes token budget. The skill would benefit greatly from being restructured into a concise overview with a clear audit workflow, splitting detailed commands and compliance references into separate files.

Suggestions

Add a clear step-by-step audit workflow (e.g., 1. Generate credential report, 2. Run IAM checks, 3. Run network checks, 4. Review findings, 5. Validate results) with explicit validation checkpoints between phases.

Remove the audit categories bullet lists, compliance mapping, remediation priorities, best practices, and example prompts sections - these are generic security knowledge Claude already has. Keep only the actionable commands and scripts.

Split into multiple files: keep SKILL.md as a concise overview with the audit workflow, and move detailed commands into separate files like IAM_CHECKS.md, NETWORK_CHECKS.md, DATA_CHECKS.md, LOGGING_CHECKS.md.

Fix the Python security score calculator to have complete, executable logic rather than stubbed-out credential report parsing with bare except clauses.

Dimension / Reasoning / Score

Conciseness (1 / 3): The skill is extremely verbose at ~300+ lines. It includes extensive lists of audit categories that merely describe what to check (which Claude already knows), a compliance mapping section that's just a high-level list, remediation priorities that are generic security knowledge, best practices that are obvious, and example prompts that add no value. Much of this could be cut by 60%+ without losing actionable content.

Actionability (2 / 3): The bash commands are mostly executable and concrete, which is good. However, the Python security score calculator has incomplete logic (the credential report parsing is stubbed with a comment and a bare except), the 'overly permissive policies' check only looks for a policy literally named 'AdministratorAccess', which is misleading, and the automated audit script hardcodes 'my-trail' as a trail name. Several commands would need modification to actually work.

Workflow Clarity (1 / 3): There is no clear workflow sequence for conducting an audit. The skill presents a flat collection of commands organized by category but never defines a step-by-step process with validation checkpoints. For a security audit involving potentially destructive remediation and batch operations across an AWS account, the absence of any sequencing, verification steps, or error handling guidance is a significant gap.

Progressive Disclosure (1 / 3): This is a monolithic wall of content with everything inlined. The compliance mapping, remediation priorities, individual check commands, the full audit script, and the Python scorer are all in one file. The audit categories section duplicates information that's then repeated in the commands section. No content is split into separate reference files despite the skill being well over 200 lines.

Total: 5 / 12 (Passed)

Validation: 90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

Criteria / Description / Result

frontmatter_unknown_keys: Unknown frontmatter key(s) found; consider removing or moving to metadata (Warning)

Total: 10 / 11 (Passed)

Repository: boisenoise/skills-collections (Reviewed)
