
security-group-generator

Security Group Generator - Auto-activating skill for AWS Skills. Triggers on: security group generator, security group generator. Part of the AWS Skills skill category.

39

1.00x

Quality: 7% (Does it follow best practices?)

Impact: 100%, 1.00x (Average score across 3 eval scenarios)

Security by Snyk: Passed, No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/13-aws-skills/security-group-generator/SKILL.md

Evaluation results

100%

Three-Tier Web Application Network Isolation

Tiered web app security group generation

| Criteria | Without context | With context |
|---|---|---|
| AWS CLI commands only | 100% | 100% |
| VPC parameter present | 100% | 100% |
| Three separate security groups | 100% | 100% |
| SG-to-SG chaining (app tier) | 100% | 100% |
| SG-to-SG chaining (DB tier) | 100% | 100% |
| Descriptions on security groups | 100% | 100% |
| Project tag applied | 100% | 100% |
| CloudFormation template present | 100% | 100% |
| Inline code comments | 100% | 100% |
| No 0.0.0.0/0 for internal tiers | 100% | 100% |
| Region specified | 100% | 100% |

Without context: $0.3122 · 1m 30s · 15 turns · 16 in / 6,355 out tokens

With context: $0.6026 · 2m 24s · 27 turns · 27 in / 9,715 out tokens

100%

Lambda-to-RDS Private Connectivity Setup

Serverless Lambda VPC security group design

| Criteria | Without context | With context |
|---|---|---|
| AWS CLI commands only | 100% | 100% |
| Captures SG IDs into variables | 100% | 100% |
| Separate SGs per Lambda group | 100% | 100% |
| RDS SG references Lambda SGs | 100% | 100% |
| Selective HTTPS egress | 100% | 100% |
| VPC ID used | 100% | 100% |
| Region set | 100% | 100% |
| Descriptions on SGs | 100% | 100% |
| Inline comments | 100% | 100% |
| Lambda-specific egress noted | 100% | 100% |
| No 0.0.0.0/0 on RDS | 100% | 100% |

Without context: $0.2821 · 1m 32s · 15 turns · 15 in / 5,703 out tokens

With context: $0.4648 · 1m 52s · 24 turns · 57 in / 6,875 out tokens

100%

Security Group Audit and Remediation

Security group validation and standards compliance

| Criteria | Without context | With context |
|---|---|---|
| AWS CLI commands only | 100% | 100% |
| All-traffic rule flagged | 100% | 100% |
| DB open to internet flagged | 100% | 100% |
| SSH open to internet flagged | 100% | 100% |
| Overly broad port range flagged | 100% | 100% |
| Missing description flagged | 100% | 100% |
| Revoke commands in script | 100% | 100% |
| Corrected rules restrict source | 100% | 100% |
| No unrestricted DB access in remediation | 100% | 100% |
| Script comments | 100% | 100% |
| Remediation rationale documented | 100% | 100% |
| Uses GroupId in script | 100% | 100% |

Without context: $0.5171 · 2m 18s · 19 turns · 20 in / 9,243 out tokens

With context: $0.6324 · 2m 34s · 26 turns · 26 in / 9,705 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Evaluated
Agent: Claude Code
Model: Claude Sonnet 4.6
