iam

AWS Identity and Access Management for users, roles, policies, and permissions. Use when creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, or managing access control.

1.04x

Quality

82%

Does it follow best practices?

Impact

94%

1.04x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a solid, actionable IAM skill with excellent executable examples covering key patterns like service roles, custom policies, and cross-account access. Its main weaknesses are verbosity in explaining core IAM concepts that Claude already understands, and the lack of explicit validation checkpoints in multi-step workflows. The content would benefit from trimming the conceptual overview and splitting detailed references into separate bundle files.

Suggestions

Remove or drastically reduce the 'Core Concepts' section — Claude already knows what IAM principals, policies, roles, and trust relationships are. Keep only non-obvious details like policy size limits.

Add explicit validation steps to workflows, e.g., after creating a role, verify with `aws iam get-role --role-name MyLambdaRole` before attaching policies, and note IAM propagation delays.

Split the CLI reference table and best practices into separate bundle files (e.g., CLI_REFERENCE.md, BEST_PRACTICES.md) and reference them from the main skill to improve progressive disclosure.

Dimension	Reasoning	Score
Conciseness	The skill includes some unnecessary explanations of concepts Claude already knows well (e.g., 'Core Concepts' section explaining what principals, policies, roles, and trust relationships are). The Table of Contents also adds tokens without much value. However, the code examples and CLI reference are reasonably efficient.	2 / 3
Actionability	The skill provides fully executable CLI commands and boto3 code examples that are copy-paste ready. The patterns cover real-world scenarios (Lambda service role, custom policy, cross-account access) with complete, working code including trust policy JSON documents.	3 / 3
Workflow Clarity	The troubleshooting section provides clear debug steps with a logical sequence, and the common patterns show multi-step processes. However, the role creation workflows lack explicit validation checkpoints (e.g., verifying the role was created successfully before attaching policies, or checking propagation delays). For IAM operations that can have security implications, validation steps would be important.	2 / 3
Progressive Disclosure	The content is well-structured with clear sections and a table of contents, but it's a monolithic file with no bundle files to offload detailed content. The CLI reference table, full boto3 examples, and extensive best practices could be split into separate reference files. External links to AWS docs are provided but no internal bundle references exist.	2 / 3
	Total	9 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly defines the domain (AWS IAM), lists specific capabilities and entities, and provides explicit trigger guidance via a 'Use when...' clause with five concrete scenarios. It uses proper third-person voice and includes natural keywords that users would actually use when seeking IAM help.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: creating IAM policies, configuring cross-account access, setting up service roles, troubleshooting permission errors, and managing access control. Also names specific entities: users, roles, policies, and permissions.	3 / 3
Completeness	Clearly answers both 'what' (AWS IAM for users, roles, policies, and permissions) and 'when' with an explicit 'Use when...' clause listing five specific trigger scenarios.	3 / 3
Trigger Term Quality	Includes strong natural keywords users would say: 'IAM policies', 'cross-account access', 'service roles', 'permission errors', 'access control', 'AWS', 'Identity and Access Management', 'users', 'roles', 'policies', 'permissions'. These cover common variations of how users would phrase IAM-related requests.	3 / 3
Distinctiveness Conflict Risk	Clearly scoped to AWS IAM specifically, with distinct triggers like 'IAM policies', 'cross-account access', and 'service roles' that are unlikely to conflict with other skills. The AWS IAM domain is a well-defined niche.	3 / 3
	Total	12 / 12 Passed

Validation

90%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 10 / 11 Passed

Validation for skill structure

Criteria	Description	Result
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	10 / 11 Passed

Repository: itsmostafa/aws-agent-skills
Commit: 4ab904a

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.