Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture. Part of the Security Advanced skill category.
36
Quality: 3%. Does it follow best practices?
Impact: 97%, 1.00x. Average score across 3 eval scenarios.
Passed: No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/cloud-security-posture/SKILL.md
Quality
Discovery
7%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is severely underdeveloped, functioning more as a placeholder than a useful skill description. It provides no information about what capabilities the skill offers, repeats the same trigger term twice, and gives Claude no meaningful guidance for when to select this skill over others. The description fails on nearly all dimensions of the rubric.
Suggestions
Add specific concrete actions the skill performs, such as 'Analyzes cloud infrastructure configurations, identifies security misconfigurations, reviews IAM policies, and assesses compliance with security frameworks'
Expand trigger terms to include natural variations users would say: 'AWS security', 'Azure security posture', 'cloud misconfiguration', 'CSPM', 'cloud compliance audit', 'infrastructure security review'
Add an explicit 'Use when...' clause: 'Use when the user asks about cloud security assessments, needs to review cloud configurations for vulnerabilities, or wants to evaluate compliance with security standards like CIS benchmarks'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description contains no concrete actions whatsoever. 'Cloud Security Posture' is repeated as both the title and trigger term, with no explanation of what the skill actually does. | 1 / 3 |
| Completeness | The description fails to answer 'what does this do' entirely - there are no capabilities listed. The 'when' is technically present but only as a redundant trigger phrase with no context or explicit guidance. | 1 / 3 |
| Trigger Term Quality | The only trigger term is 'cloud security posture' repeated twice. Missing natural variations users might say like 'AWS security', 'Azure compliance', 'misconfiguration', 'CSPM', 'cloud audit', or 'security assessment'. | 1 / 3 |
| Distinctiveness Conflict Risk | While 'cloud security posture' is a somewhat specific domain term, the lack of any concrete actions or scope means it could overlap with other security-related skills. The term itself provides some distinctiveness but insufficient detail to clearly differentiate. | 2 / 3 |
| Total | 5 / 12 Passed | |
Implementation
0%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no substantive content. It describes what a cloud security posture skill should do without providing any actual guidance, code, commands, or specific information. The content would be identical if you replaced 'cloud security posture' with any other topic.
Suggestions
Add concrete examples of cloud security posture checks (e.g., AWS Security Hub queries, Azure Security Center commands, GCP Security Command Center API calls)
Include a workflow for conducting a cloud security posture assessment with specific validation steps (e.g., 1. Enumerate resources, 2. Check IAM policies, 3. Validate network configurations)
Provide executable code snippets for common CSPM tasks like checking for public S3 buckets, overly permissive security groups, or unencrypted storage
Add references to specific compliance frameworks (SOC2, GDPR mentioned in tags) with concrete mapping to cloud security controls
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is padded with generic boilerplate that explains nothing Claude doesn't already know. Phrases like 'provides automated assistance' and 'follows industry best practices' are meaningless filler with no actionable information. | 1 / 3 |
| Actionability | There is zero concrete guidance - no code, no commands, no specific steps, no examples of actual cloud security posture checks or configurations. The content only describes what the skill claims to do without showing how. | 1 / 3 |
| Workflow Clarity | No workflow is defined. Claims to provide 'step-by-step guidance' but contains no actual steps. No validation checkpoints, no sequence of operations, nothing actionable for cloud security posture assessment. | 1 / 3 |
| Progressive Disclosure | No structure beyond generic headings. No references to detailed materials, no links to specific guides for different cloud providers, compliance frameworks, or security tools. The 'Related Skills' section mentions tags but provides no navigation. | 1 / 3 |
| Total | 4 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
994edc4