cloud-security-posture
Cloud Security Posture - Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture Part of the Security Advanced skill category.
33
0%
Does it follow best practices?
Impact
97%
1.00xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/cloud-security-posture/SKILL.mdQuality
Discovery
0%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It repeats the skill name as its only trigger term, provides zero information about what the skill actually does, and lacks any explicit guidance on when Claude should select it. It would be nearly impossible for Claude to correctly choose this skill from a pool of available options.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Audits cloud infrastructure configurations, identifies security misconfigurations, evaluates compliance against CIS benchmarks, and recommends remediation steps for AWS, Azure, and GCP environments.'
Add an explicit 'Use when...' clause with natural trigger terms, e.g., 'Use when the user asks about cloud misconfigurations, CSPM, cloud compliance, IAM policy review, security groups, or hardening cloud environments.'
Remove the duplicate trigger term 'cloud security posture' and replace with diverse keyword variations users would naturally use, such as 'cloud hardening', 'security audit', 'compliance check', 'misconfiguration detection', specific cloud provider names, etc.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions whatsoever. It merely names the domain 'Cloud Security Posture' without describing what the skill actually does - no verbs, no specific capabilities, no actionable details. | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There is no explanation of capabilities and no meaningful 'Use when...' clause - only a redundant trigger phrase and a category label. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'cloud security posture' repeated twice. There are no natural keyword variations a user might say, such as 'misconfiguration', 'compliance', 'AWS/Azure/GCP security', 'IAM policies', 'CSPM', or 'cloud hardening'. | 1 / 3 |
Distinctiveness Conflict Risk | The description is extremely generic within the security domain. 'Cloud Security Posture' could overlap with many other security-related skills, and the lack of specific actions or triggers makes it indistinguishable from other cloud or security skills. | 1 / 3 |
Total | 4 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is an empty shell with no substantive content. It describes itself in vague, marketing-style language without providing any actionable guidance, concrete examples, executable code, tool references, or workflows related to cloud security posture. It fails on every dimension of the rubric.
Suggestions
Add concrete, executable guidance: include specific tools (e.g., AWS Security Hub, ScoutSuite, Prowler, cspm-tool CLI commands), example configurations, and code snippets for common cloud security posture tasks.
Define a clear multi-step workflow with validation checkpoints, e.g., 1) enumerate cloud resources, 2) run posture assessment scan, 3) review findings, 4) remediate misconfigurations, 5) re-scan to verify.
Remove all generic filler ('Provides step-by-step guidance', 'Follows industry best practices') and replace with specific standards (CIS Benchmarks, SOC2 controls, NIST 800-53) and how to check compliance against them.
Add references to supporting files or external resources for advanced topics like threat modeling frameworks, compliance mapping tables, or penetration testing checklists.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic filler that tells Claude nothing it doesn't already know. Phrases like 'Provides step-by-step guidance' and 'Follows industry best practices' are vague platitudes that waste tokens without adding actionable information. | 1 / 3 |
Actionability | There is zero concrete guidance—no commands, no code, no specific configurations, no frameworks, no tools. The entire skill describes what it does in abstract terms rather than instructing Claude how to do anything. | 1 / 3 |
Workflow Clarity | No workflow, steps, or process is defined. There are no sequences, no validation checkpoints, and no error recovery paths despite the domain (cloud security posture) involving multi-step, potentially destructive operations. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of generic text with no references to supporting files, no structured navigation, and no bundle files to support deeper content. There is nothing to progressively disclose. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
13d35b8
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.