checking-infrastructure-compliance
tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-infrastructure-complianceExecute use when you need to work with compliance checking. This skill provides compliance monitoring and validation with comprehensive guidance and automation. Trigger with phrases like "check compliance", "validate policies", or "audit compliance".
Validation
81%| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 13 / 16 Passed | |
Implementation
20%This skill is a generic template with no compliance-specific content whatsoever. It reads like a fill-in-the-blank software development checklist that could apply to any task. There are no compliance rules, policy definitions, audit procedures, validation commands, or concrete examples of what 'compliance checking' actually means in this context.
Suggestions
Add concrete compliance rules or policies to check against (e.g., specific security standards, regulatory requirements, code quality rules)
Provide executable code examples showing how to run compliance checks, such as CLI commands or script invocations with expected output
Include specific examples of compliance violations and how to detect/report them
Remove generic software development advice (backup data, test in staging, etc.) that Claude already knows and replace with domain-specific compliance guidance
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Extremely verbose with generic boilerplate that applies to any task. Explains obvious concepts like 'backup critical data' and 'test in staging' that Claude already knows. No compliance-specific content justifies the token count. | 1 / 3 |
Actionability | Entirely abstract with no concrete code, commands, or compliance-specific examples. Phrases like 'Execute implementation' and 'Run comprehensive tests' provide zero executable guidance. No actual compliance rules, checks, or validation logic provided. | 1 / 3 |
Workflow Clarity | Steps are numbered and sequenced, but they're generic software development lifecycle steps, not compliance-specific workflows. No validation checkpoints specific to compliance checking, no feedback loops for failed compliance checks. | 2 / 3 |
Progressive Disclosure | References external files in Resources section, but the main content is a monolithic wall of generic text. The referenced files use placeholder paths and the skill body contains no actual compliance content to warrant the structure. | 2 / 3 |
Total | 6 / 12 Passed |
Activation
40%This description suffers from vague, buzzword-heavy language that fails to communicate concrete capabilities. While it includes explicit trigger phrases (a positive), the actual functionality ('comprehensive guidance and automation') is meaningless fluff. The description would benefit greatly from listing specific compliance actions and types of compliance it handles.
Suggestions
Replace vague phrases like 'comprehensive guidance and automation' with specific actions (e.g., 'Validates code against security policies, checks configuration files for compliance violations, generates audit reports')
Specify what types of compliance this handles (e.g., security compliance, regulatory compliance, coding standards) to improve distinctiveness
Add more natural trigger term variations like 'policy check', 'compliance report', 'audit trail', or specific framework names if applicable
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description uses vague language like 'compliance monitoring and validation' and 'comprehensive guidance and automation' without listing any concrete actions. No specific capabilities are enumerated. | 1 / 3 |
Completeness | Has explicit trigger phrases which partially addresses 'when', but the 'what' is extremely vague - 'compliance monitoring and validation with comprehensive guidance and automation' doesn't explain what the skill actually does. | 2 / 3 |
Trigger Term Quality | Includes some relevant trigger phrases ('check compliance', 'validate policies', 'audit compliance') but these are somewhat generic and miss common variations like 'policy check', 'regulatory compliance', 'compliance report', or specific compliance frameworks. | 2 / 3 |
Distinctiveness Conflict Risk | The compliance domain provides some specificity, but 'compliance' is broad and could overlap with security auditing, policy management, or regulatory skills. The triggers are somewhat distinct but the vague capabilities make conflict risk moderate. | 2 / 3 |
Total | 7 / 12 Passed |
Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.