Comprehensive AWS security posture assessment using AWS CLI and security best practices
Install with Tessl CLI
npx tessl i github:boisenoise/skills-collections --skill aws-security-audit
Overall score: 61%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery
33%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies the domain (AWS security) and mentions key tools but lacks the specificity and completeness needed for effective skill selection. It fails to list concrete actions performed and critically omits explicit trigger guidance ('Use when...'), making it difficult for Claude to know when to select this skill over others.
Suggestions
Add a 'Use when...' clause with explicit triggers like 'Use when the user asks about AWS security audits, IAM policy reviews, S3 bucket security, or cloud compliance checks'
List specific concrete actions such as 'Audits IAM policies, reviews security group configurations, checks S3 bucket permissions, analyzes CloudTrail logs'
Include natural trigger terms users would say: 'AWS audit', 'cloud security review', 'IAM permissions', 'security compliance', 'vulnerability assessment'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (AWS security) and mentions tools (AWS CLI) and general approach (security best practices), but lacks specific concrete actions like 'audit IAM policies, check S3 bucket permissions, review security groups'. | 2 / 3 |
| Completeness | Describes what it does at a high level (security posture assessment) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. | 1 / 3 |
| Trigger Term Quality | Includes relevant keywords like 'AWS', 'security', and 'AWS CLI' that users might mention, but misses common variations like 'cloud security', 'IAM audit', 'compliance check', 'security audit', or specific AWS services. | 2 / 3 |
| Distinctiveness Conflict Risk | AWS-specific focus provides some distinction from generic security skills, but 'security posture assessment' is broad enough to potentially conflict with other AWS or cloud security skills. | 2 / 3 |
| Total | 7 / 12 Passed | |
Implementation
65%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a highly actionable AWS security audit skill with excellent, executable CLI commands and Python scripts. However, it's overly long for a SKILL.md file, mixing quick-reference commands with detailed compliance mappings and full scripts that would be better in separate files. The workflow lacks explicit validation steps for a security context where verification is critical.
Suggestions
Move the comprehensive audit script, security score calculator, and compliance mapping sections to separate reference files (e.g., SCRIPTS.md, COMPLIANCE.md) and link to them
Add explicit validation steps after remediation actions, such as 're-run the check to verify the fix was applied correctly'
Remove the 'When to Use', 'Example Prompts', and 'Kiro CLI Integration' sections as they don't add actionable value for Claude
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but includes some unnecessary sections like 'When to Use' and 'Example Prompts' that Claude doesn't need. The compliance mapping and best practices sections add bulk without providing actionable commands. | 2 / 3 |
| Actionability | Excellent executable bash commands and Python scripts throughout. All code is copy-paste ready with specific AWS CLI commands, proper query syntax, and complete scripts for automated auditing. | 3 / 3 |
| Workflow Clarity | Commands are well-organized by category but lack explicit validation checkpoints. For security audits involving potential remediation, there's no verify-before-fix workflow or rollback guidance for destructive operations. | 2 / 3 |
| Progressive Disclosure | Content is organized into clear sections but is monolithic at ~300 lines. The compliance mapping, remediation priorities, and detailed scripts could be split into separate reference files with links from the main skill. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
91%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |