cloud-security-posture
Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill cloud-security-postureOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped and essentially non-functional for skill selection. It provides no information about what the skill actually does, relying entirely on the category name repeated as a trigger term. Without concrete capabilities or explicit usage guidance, Claude cannot make informed decisions about when to select this skill.
Suggestions
Add specific capabilities the skill provides, such as 'Analyzes cloud infrastructure configurations, identifies security misconfigurations, reviews IAM policies, and checks compliance against security frameworks'
Include a 'Use when...' clause with natural trigger terms like 'Use when reviewing AWS/Azure/GCP security settings, checking for misconfigurations, auditing cloud permissions, or assessing compliance posture'
Add common user phrases and variations such as 'CSPM', 'cloud misconfiguration', 'security audit', 'IAM review', 'compliance check', or specific cloud provider names
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. 'Cloud Security Posture' is repeated as both the title and trigger term, with no explanation of what the skill actually does. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' entirely - there are no capabilities listed. The 'when' is only implied through the repeated trigger phrase with no explicit 'Use when...' clause. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'cloud security posture' repeated twice. This misses natural variations users might say like 'AWS security', 'cloud misconfiguration', 'CSPM', 'security audit', or 'compliance check'. | 1 / 3 |
Distinctiveness Conflict Risk | While 'cloud security posture' is a specific domain term that wouldn't conflict with unrelated skills, the lack of detail means it could easily overlap with other security-related skills without clear differentiation. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill is essentially a placeholder with no substantive content. It describes what a cloud security posture skill should do without providing any actual guidance, code, commands, or specific information. The content would be identical if you replaced 'cloud security posture' with any other topic.
Suggestions
Add concrete, executable examples for at least one cloud provider (e.g., AWS Security Hub checks, Azure Security Center queries, or GCP Security Command Center configurations)
Define a clear workflow for security posture assessment: enumerate resources -> scan configurations -> identify misconfigurations -> remediate -> validate
Include specific tool commands or API calls (e.g., `aws securityhub get-findings`, `az security assessment list`, terraform-compliance checks)
Reference or link to specific compliance frameworks (SOC2, CIS Benchmarks, NIST) with concrete mapping to cloud security controls
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actionable information. | 1 / 3 |
Actionability | No concrete guidance whatsoever - no code, no commands, no specific steps, no examples of actual cloud security posture checks or configurations. The entire content describes rather than instructs. | 1 / 3 |
Workflow Clarity | No workflow is defined. Claims to provide 'step-by-step guidance' but contains zero actual steps. No validation checkpoints, no sequence of operations, nothing actionable. | 1 / 3 |
Progressive Disclosure | No structure beyond generic headings. No references to detailed materials, no links to specific guides for different cloud providers, compliance frameworks, or security tools. The 'Related Skills' section mentions tags but provides no navigation. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.