Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture. Part of the Security Advanced skill category.
33
0%
Does it follow best practices?
Impact
97%
1.00x
Average score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/cloud-security-posture/SKILL.md
Quality
Discovery
0%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It repeats the skill name as its only trigger term, provides zero information about what the skill actually does, and lacks any explicit guidance on when Claude should select it. It fails across all dimensions of the rubric.
Suggestions
- Add specific concrete actions the skill performs, e.g., 'Audits cloud infrastructure configurations, identifies security misconfigurations, evaluates compliance against CIS benchmarks, and recommends remediation steps for AWS, Azure, and GCP environments.'
- Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about cloud security posture management (CSPM), cloud misconfigurations, cloud compliance checks, IAM policy reviews, or security hardening for AWS/Azure/GCP.'
- Remove the duplicate trigger term 'cloud security posture' and replace the boilerplate metadata ('Auto-activating skill for Security Advanced') with meaningful capability descriptions that distinguish this from other security skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. It merely names the domain 'Cloud Security Posture' without describing what the skill actually does - no verbs, no specific capabilities, no outputs. | 1 / 3 |
| Completeness | Neither 'what does this do' nor 'when should Claude use it' is meaningfully answered. There is no explanation of capabilities and no explicit 'Use when...' clause with trigger guidance. | 1 / 3 |
| Trigger Term Quality | The only trigger terms listed are 'cloud security posture' repeated twice. There are no natural variations users might say such as 'cloud misconfiguration', 'CSPM', 'AWS/Azure/GCP security', 'cloud compliance', or 'security audit'. | 1 / 3 |
| Distinctiveness Conflict Risk | The description is so vague that it could overlap with any security-related skill. Without specific actions or scope boundaries, it would be nearly impossible to distinguish from other security skills in a large skill library. | 1 / 3 |
| Total | 4 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no substantive content. It repeatedly references 'cloud security posture' without defining what that means in practice, providing no concrete guidance, code, commands, frameworks, or workflows. It fails on every dimension because it contains no actionable information whatsoever.
Suggestions
- Add concrete, executable content such as example cloud security posture assessment commands (e.g., AWS Security Hub CLI commands, GCP Security Command Center queries, Azure Defender configurations).
- Define a clear multi-step workflow for assessing cloud security posture, including steps like inventory discovery, misconfiguration scanning, compliance benchmarking (CIS, NIST), and remediation validation with explicit checkpoints.
- Include specific code examples or configuration snippets for common posture management tasks (e.g., Terraform security policies, CloudFormation guard rules, or ScoutSuite/Prowler scan commands).
- Replace the meta-description sections ('Capabilities', 'Example Triggers', 'When to Use') with actual instructional content—these sections describe the skill rather than teaching anything.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is almost entirely filler and meta-description. It explains what the skill does in abstract terms without providing any actual knowledge or instructions. Every section restates the same vague concept ('cloud security posture') without adding substance. | 1 / 3 |
| Actionability | There is zero concrete guidance—no commands, no code, no specific frameworks, no checklists, no configurations. The skill describes rather than instructs, offering only vague promises like 'provides step-by-step guidance' without actually providing any. | 1 / 3 |
| Workflow Clarity | No workflow, steps, or process is defined. There are no sequences, no validation checkpoints, and no actionable procedures for any cloud security posture task. | 1 / 3 |
| Progressive Disclosure | The content is a flat, shallow document with no references to detailed materials, no links to related files, and no structured navigation. It mentions 'Related Skills' and tags but provides no actual pointers to deeper content. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
c8a915c