Audits the security posture of a CockroachDB cluster (Cloud or self-hosted) across network, authentication, authorization, encryption, audit logging, and backup dimensions. Use when assessing cluster security readiness, preparing for compliance reviews, or investigating security configuration gaps.
Impact: Pending (no eval scenarios have been run)
Quality: Passed (no known issues)
Discovery: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly identifies the specific technology (CockroachDB), lists concrete security dimensions being audited, and provides explicit trigger guidance via a 'Use when' clause. It uses proper third-person voice throughout and covers natural trigger terms that users would employ when needing a CockroachDB security audit.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete dimensions of security auditing: network, authentication, authorization, encryption, audit logging, and backup. Also specifies the target (CockroachDB cluster) and deployment types (Cloud or self-hosted). | 3 / 3 |
| Completeness | Clearly answers both 'what' (audits security posture across six named dimensions for CockroachDB clusters) and 'when' (explicit 'Use when' clause covering security readiness assessment, compliance reviews, and investigating security configuration gaps). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'security posture', 'CockroachDB', 'cluster', 'compliance reviews', 'security configuration', 'audit logging', 'encryption', 'authentication', 'authorization', 'backup'. Good coverage of terms a user needing this skill would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive due to the specific combination of CockroachDB + security auditing. The named dimensions and specific database technology make it very unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, highly actionable security audit skill with clear step-by-step workflows, executable commands, and explicit evaluation criteria for every check. Its main weakness is verbosity — the document is quite long with some redundancy between the workflow steps, the Pass/Warn/Fail criteria table, and the severity adjustments table. The progressive disclosure structure references supporting files appropriately but the main document retains too much detail that could be offloaded.
Suggestions
Move the Severity Adjustments and Compliance Overrides tables to a reference file (e.g., references/severity-matrix.md) to reduce the main SKILL.md length while keeping the workflow steps lean.
Remove the 'When to Use This Skill' section — these use cases are already covered in the skill description and are obvious to Claude given the skill's title and content.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but verbose for its purpose. Many tables repeat information (e.g., check applicability appears in both the workflow and the Pass/Warn/Fail criteria table), and the severity adjustments and compliance overrides sections add significant length. Some sections like 'When to Use This Skill' explain obvious use cases Claude could infer. However, the domain complexity justifies much of the length. | 2 / 3 |
| Actionability | Every audit step includes executable bash commands and SQL queries that are copy-paste ready. The evaluation criteria are specific and concrete (e.g., 'FAIL if more than 5 users have admin role', 'FAIL if 0.0.0.0/0 is in the IP allowlist'). Commands include proper flags like `-starttls postgres` for openssl and `-o json` for ccloud output. | 3 / 3 |
| Workflow Clarity | The workflow is clearly sequenced (Steps 0-8) with explicit validation at Step 0 (prerequisite verification with degradation handling), clear evaluation criteria at each step with PASS/WARN/FAIL outcomes, and a structured report format. The tool availability check with impact-if-missing table is an excellent validation checkpoint. The read-only safety constraint is clearly stated upfront. | 3 / 3 |
| Progressive Disclosure | The skill references multiple external files (references/permissions.md, references/sql-queries.md, references/ccloud-commands.md, references/sample-report.md) and remediation skills, which is good structure. However, no bundle files were provided, so we cannot verify these exist. The main SKILL.md itself is very long (~400+ lines) and could benefit from moving the detailed severity adjustment tables and compliance override tables into a reference file. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation: 90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (549 lines); consider splitting into references/ and linking | Warning |
| Total | | 10 / 11 Passed |
84bc1e4