AWS CloudFormation patterns for infrastructure security, secrets management, encryption, and secure data handling. Use when creating secure CloudFormation templates with AWS Secrets Manager, KMS encryption, secure parameters, IAM policies, VPC security groups, TLS/SSL certificates, and encrypted traffic configurations. Covers template structure, parameter best practices, cross-stack references, and defense-in-depth strategies.
Install with Tessl CLI
npx tessl i github:giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-security
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skill
Discovery: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes natural trigger terms that users would actually search for, explicitly states both what the skill does and when to use it, and carves out a distinct niche at the intersection of CloudFormation and security concerns. The description uses proper third-person voice throughout.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions and concepts: 'infrastructure security, secrets management, encryption, secure data handling' plus specific AWS services like 'Secrets Manager, KMS encryption, secure parameters, IAM policies, VPC security groups, TLS/SSL certificates, encrypted traffic configurations.' | 3 / 3 |
| Completeness | Clearly answers both what ('AWS CloudFormation patterns for infrastructure security...') AND when ('Use when creating secure CloudFormation templates with...') with explicit trigger scenarios and specific service mentions. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'CloudFormation', 'AWS', 'Secrets Manager', 'KMS', 'encryption', 'IAM policies', 'VPC security groups', 'TLS/SSL', 'secure parameters'. These are all terms users naturally use when working with AWS security. | 3 / 3 |
| Distinctiveness / Conflict Risk | Clear niche combining CloudFormation specifically with security concerns, distinct from general AWS skills, general security skills, or other IaC tools. The combination of 'CloudFormation' + 'security/secrets/encryption' creates a unique trigger profile. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides comprehensive, actionable CloudFormation security patterns with executable YAML templates covering encryption, secrets management, IAM, and network security. However, it suffers from excessive length and verbosity, presenting too much inline content that would benefit from being split into referenced files. The workflow guidance for deploying and validating these templates is implicit rather than explicit.
Suggestions

- Move detailed resource configurations (KMS, Secrets Manager, WAF, VPC Security) to separate referenced files, keeping only quick-start examples in the main SKILL.md
- Add an explicit deployment workflow section with numbered steps, validation checkpoints (e.g., 'Validate template: aws cloudformation validate-template'), and error recovery guidance
- Remove the 'When to Use' section entirely; Claude can infer appropriate usage from the content
- Consolidate the 'Best Practices' bullet points into the relevant code sections as inline comments rather than repeating concepts at the end
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is comprehensive but overly verbose for Claude's capabilities. It includes extensive YAML examples that could be condensed, and some sections like 'When to Use' list obvious use cases. The 'Best Practices' section at the end repeats concepts already demonstrated in the examples. | 2 / 3 |
| Actionability | The skill provides fully executable CloudFormation YAML templates that are copy-paste ready. Code examples are complete with proper resource definitions, policies, and configurations. The Python handler for drift detection is also executable. | 3 / 3 |
| Workflow Clarity | While individual resource configurations are clear, the skill lacks explicit validation checkpoints and sequencing for multi-step processes. The Change Set section shows a bash script workflow, but most sections present resources without clear deployment order or validation steps between operations. | 2 / 3 |
| Progressive Disclosure | The skill references REFERENCE.md and EXAMPLES.md at the end, which is good, but the main document is a monolithic wall of YAML examples (~800+ lines). Content that could be in separate files (like the complete KMS, Secrets Manager, or WAF configurations) is inline, making navigation difficult. | 2 / 3 |
| Total | | 9 / 12 Passed |
Validation: 68%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (1558 lines); consider splitting into references/ and linking | Warning |
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 11 / 16 Passed |