cloud-audit
Audit cloud infrastructure (AWS, GCP, Azure) for misconfigurations, excessive permissions, and security gaps. Use when the user mentions 'cloud security,' 'cloud audit,' 'AWS security,' 'GCP security,' 'Azure security,' 'IAM audit,' 'S3 bucket,' 'cloud misconfiguration,' 'cloud hardening,' or needs to review cloud infrastructure security.
68
82%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly defines its scope (cloud infrastructure security auditing across AWS, GCP, and Azure), lists specific actions (identifying misconfigurations, excessive permissions, security gaps), and provides an explicit and comprehensive 'Use when' clause with natural trigger terms. It uses proper third-person voice and is concise yet thorough.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'audit cloud infrastructure,' 'misconfigurations,' 'excessive permissions,' and 'security gaps,' along with naming specific platforms (AWS, GCP, Azure). | 3 / 3 |
Completeness | Clearly answers both 'what' (audit cloud infrastructure for misconfigurations, excessive permissions, and security gaps) and 'when' (explicit 'Use when...' clause with a comprehensive list of trigger scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'cloud security,' 'cloud audit,' 'AWS security,' 'GCP security,' 'Azure security,' 'IAM audit,' 'S3 bucket,' 'cloud misconfiguration,' 'cloud hardening.' These are terms users would naturally use when seeking this kind of help. | 3 / 3 |
Distinctiveness Conflict Risk | Clearly scoped to cloud infrastructure security auditing across specific providers, with distinct triggers like 'IAM audit,' 'S3 bucket,' and 'cloud misconfiguration' that are unlikely to conflict with general security or non-cloud skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable cloud security audit skill with concrete CLI commands across three major providers and a well-structured output template. Its main weaknesses are the lack of explicit workflow sequencing with validation checkpoints (important for security audits where remediation can break things) and the monolithic structure that could benefit from splitting provider-specific details into separate files. The content is mostly concise but has some areas of unnecessary explanation.
Suggestions
Add an explicit sequenced workflow at the top (e.g., 1. Scope → 2. Enumerate → 3. Audit per category → 4. Validate findings → 5. Draft report → 6. Review remediation impact) with validation checkpoints between steps.
Split provider-specific commands into separate reference files (e.g., AWS_AUDIT.md, GCP_AUDIT.md, AZURE_AUDIT.md) and keep SKILL.md as a concise overview with cross-references.
Add a verification step before remediation recommendations: explicitly instruct to confirm findings are true positives and assess blast radius of proposed fixes.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with concrete commands and checklists, but some sections like 'GCP/Azure: Equivalent checks for Cloud Storage and Blob Storage' are vague filler, and the checklist items under Compute and Logging could be tighter. Some items explain things Claude would already know (e.g., what IMDSv2 is, what VPC flow logs are). | 2 / 3 |
Actionability | Provides fully executable CLI commands for AWS, GCP, and Azure across multiple audit categories. The output format template is copy-paste ready, and the checklist items are specific enough to act on directly (e.g., check for `0.0.0.0/0` ingress, `HttpTokens = required`, grep for `"Action": "*"`). | 3 / 3 |
Workflow Clarity | The audit categories are well-organized and the output format provides clear structure, but there's no explicit sequencing or validation checkpoints between steps. For a security audit involving potentially destructive remediation actions, there should be verification steps (e.g., validate findings before recommending changes, test remediation in non-prod first). The workflow is more of a checklist than a sequenced process with feedback loops. | 2 / 3 |
Progressive Disclosure | The content is well-sectioned with clear headers, but it's a fairly long monolithic document (~120 lines of substantive content). Provider-specific audit commands and the detailed output template could be split into separate reference files. The References section mentions external resources but doesn't link to any bundle files for deeper guidance. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
Total | 10 / 11 Passed | |
- Repository
- briiirussell/cybersecurity-skills
- Commit
2400590
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.