
auditing-access-control

tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill auditing-access-control

This skill enables Claude to audit access control implementations in various systems. It uses the access-control-auditor plugin to identify potential vulnerabilities and misconfigurations related to access control. Use this skill when the user asks to "audit access control", "check permissions", "assess access rights", or requests a "security review" focused on access management. It's particularly useful for analyzing IAM policies, ACLs, and other access control mechanisms in cloud environments, applications, or infrastructure. The skill helps ensure compliance with security best practices and identify potential privilege escalation paths.

Overall: 60%


Validation

81%
| Criteria | Description | Result |
| --- | --- | --- |
| metadata_version | 'metadata' field is not a dictionary | Warning |
| license_field | 'license' field is missing | Warning |
| body_output_format | No obvious output/return/format terms detected; consider specifying expected outputs | Warning |

Total: 13 / 16 (Passed)

Implementation

20%

This skill content is too abstract and verbose, describing what the plugin does rather than showing how to use it. It lacks any concrete invocation syntax, parameter examples, or output formats that would make it actionable. The content explains concepts Claude already understands while omitting the specific technical details needed to actually perform audits.

Suggestions

Add concrete plugin invocation syntax with actual parameters (e.g., `access-control-auditor --target aws-iam --account <account-id> --output json`)

Include example output showing what audit findings look like and how to interpret them

Remove explanatory sections like 'How It Works' and 'When to Use This Skill' that describe obvious concepts

Add validation steps for verifying audit results and handling common error conditions

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is verbose and explains concepts Claude already knows (what IAM policies are, what ACLs are, basic security concepts). The 'How It Works' section describes obvious steps, and 'When to Use This Skill' largely duplicates the description. Much of this could be cut. | 1 / 3 |
| Actionability | No concrete code, commands, or executable guidance provided. The examples describe what 'the skill will' do abstractly but never show actual plugin invocation syntax, parameters, or expected output formats. Everything is descriptive rather than instructive. | 1 / 3 |
| Workflow Clarity | Steps are listed in 'How It Works' but lack specifics on how to invoke the plugin, what parameters to pass, or how to interpret results. No validation checkpoints or error handling guidance for when audits fail or return unexpected results. | 2 / 3 |
| Progressive Disclosure | Content is reasonably organized with clear sections, but everything is inline in one file. The 'Integration' section hints at related capabilities that could be separate references. No external file references for detailed API usage or advanced configurations. | 2 / 3 |

Total: 6 / 12 (Passed)

Activation

100%

This is a well-crafted skill description that excels across all dimensions. It provides specific capabilities, includes an explicit 'Use this skill when...' clause with natural trigger terms, and carves out a distinct niche in access control security auditing. The description uses proper third-person voice throughout.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple concrete actions: 'audit access control implementations', 'identify potential vulnerabilities and misconfigurations', 'analyzing IAM policies, ACLs', 'ensure compliance with security best practices', 'identify potential privilege escalation paths'. | 3 / 3 |
| Completeness | Clearly answers both what (audit access control, identify vulnerabilities, analyze IAM/ACLs) and when with explicit 'Use this skill when...' clause listing specific trigger phrases and contexts. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'audit access control', 'check permissions', 'assess access rights', 'security review', plus domain-specific terms like 'IAM policies', 'ACLs', 'privilege escalation'. | 3 / 3 |
| Distinctiveness Conflict Risk | Clear niche focused specifically on access control auditing with distinct triggers like 'IAM policies', 'ACLs', 'privilege escalation paths' that differentiate it from general security or code review skills. | 3 / 3 |

Total: 12 / 12 (Passed)
