iam
AWS Identity and Access Management for users, roles, policies, and permissions. Use when creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, or managing access control.
Overall
score
81%
Does it follow best practices?
If you maintain this skill, you can automatically optimize it using the tessl CLI to improve its score:
npx tessl skill review --optimize ./path/to/skillValidation for skill structure
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that follows best practices. It uses third person voice, clearly states the domain (AWS IAM), lists specific capabilities, and includes an explicit 'Use when...' clause with natural trigger terms. The description is concise yet comprehensive, making it easy for Claude to select this skill appropriately.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, managing access control' - these are distinct, actionable capabilities. | 3 / 3 |
Completeness | Clearly answers both what ('AWS Identity and Access Management for users, roles, policies, and permissions') and when ('Use when creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, or managing access control') with explicit trigger guidance. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'IAM', 'policies', 'permissions', 'cross-account access', 'service roles', 'permission errors', 'access control' - these match how users naturally describe AWS identity management tasks. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with AWS IAM-specific terminology (IAM policies, cross-account access, service roles, permission errors) that clearly separates it from general cloud skills or other AWS services. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, actionable IAM skill with excellent executable examples for common patterns. The main weaknesses are some unnecessary conceptual explanations that Claude already knows, and missing validation/verification steps in the workflows. The content would benefit from trimming the Core Concepts section and adding explicit verification commands after each operation.
Suggestions
Remove or significantly trim the Core Concepts section - Claude already understands IAM principals, policies, roles, and trust relationships
Add verification steps after role/policy creation (e.g., 'aws iam get-role --role-name MyLambdaRole' to confirm creation succeeded)
Consider splitting CLI Reference and Best Practices into separate reference files to improve progressive disclosure
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary explanations Claude already knows (e.g., 'IAM is foundational to AWS security—every AWS API call is authenticated and authorized through IAM') and the Core Concepts section explains basic IAM concepts that Claude understands. However, the code examples and CLI reference are appropriately lean. | 2 / 3 |
Actionability | Provides fully executable CLI commands and boto3 code that are copy-paste ready. Examples include complete trust policies, role creation, policy attachment, and cross-account assumption with all necessary parameters. | 3 / 3 |
Workflow Clarity | The troubleshooting section provides clear debug steps with numbered sequences, but the main patterns lack explicit validation checkpoints. For example, after creating a role, there's no verification step to confirm the role was created correctly or that the policy attachment succeeded. | 2 / 3 |
Progressive Disclosure | The document has a clear table of contents and logical sections, but it's somewhat monolithic at ~200 lines. The CLI Reference table and Best Practices could be separate files. References section links to external docs but no internal skill file references for advanced topics. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 13 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata' field is not a dictionary | Warning |
license_field | 'license' field is missing | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 13 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.