azure-compliance
Run Azure compliance and security audits with azqr plus Key Vault expiration checks. Covers best-practice assessment, resource review, policy/compliance validation, and security posture checks. WHEN: compliance scan, security audit, BEFORE running azqr (compliance cli tool), Azure best practices, Key Vault expiration check, expired certificates, expiring secrets, orphaned resources, compliance assessment.
61
71%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugin/skills/azure-compliance/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly communicates specific capabilities (Azure compliance audits via azqr, Key Vault expiration checks), provides comprehensive trigger terms in an explicit 'WHEN:' clause, and occupies a distinct niche. The description is concise, uses third-person voice, and covers both what the skill does and when it should be selected.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'Run Azure compliance and security audits with azqr', 'Key Vault expiration checks', 'best-practice assessment', 'resource review', 'policy/compliance validation', 'security posture checks'. These are concrete, identifiable tasks. | 3 / 3 |
Completeness | Clearly answers both 'what' (run Azure compliance/security audits with azqr, Key Vault expiration checks, best-practice assessment, resource review, policy/compliance validation, security posture checks) and 'when' with an explicit 'WHEN:' clause listing trigger scenarios like 'compliance scan', 'security audit', 'BEFORE running azqr', etc. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'compliance scan', 'security audit', 'Azure best practices', 'Key Vault expiration check', 'expired certificates', 'expiring secrets', 'orphaned resources', 'compliance assessment', and the tool name 'azqr'. These are terms users would naturally use when requesting these tasks. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Azure-specific compliance and security auditing using the azqr tool, plus Key Vault expiration checks. The combination of Azure, azqr, Key Vault, and compliance/security terms creates a very specific domain unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
42%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill is well-organized as a navigation hub with good progressive disclosure to reference files, but critically lacks actionable, executable guidance. The workflow is too abstract — it tells Claude what to do conceptually but never shows how to actually invoke the MCP tools with specific parameters or handle real outputs. The content would benefit significantly from concrete tool invocation examples and validation checkpoints.
Suggestions
Add concrete MCP tool invocation examples showing exact parameters, e.g., how to call `mcp_azure_mcp_extension_azqr` with a subscription ID and what the output looks like.
Include a worked example of the Key Vault expiration audit workflow showing actual tool calls and how to interpret/classify the results.
Add explicit validation checkpoints in the workflow, such as verifying authentication before running scans and confirming scope selection before proceeding.
Remove or consolidate the overlapping 'When to Use This Skill' and 'Skill Activation Triggers' sections into a single concise trigger list.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary sections like 'Skill Activation Triggers' which extensively lists things Claude can infer, and the 'When to Use This Skill' section overlaps significantly with triggers. The tables are reasonably efficient but there's redundancy between sections. The 'Best Practices' section contains generic advice Claude already knows. | 2 / 3 |
Actionability | The skill provides no executable code, no concrete commands, and no specific examples of how to call the MCP tools or interpret results. The workflow is described at a high level ('Run azqr and capture output artifacts') without showing actual tool invocations, parameters, or expected outputs. It describes rather than instructs. | 1 / 3 |
Workflow Clarity | The 5-step assessment workflow provides a sequence but lacks validation checkpoints, feedback loops, and specific details about what to do when issues are found during scanning. The priority classification table is helpful but the workflow itself is too abstract — no explicit validation steps between running azqr and analyzing results. | 2 / 3 |
Progressive Disclosure | The skill is well-structured as an overview with clear one-level-deep references to detailed materials (azure-quick-review.md, azure-keyvault-expiration-audit.md, azure-resource-graph.md, and SDK references). Navigation is clear with well-organized tables pointing to specific reference files by topic. | 3 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- microsoft/github-copilot-for-azure
- Commit
915f809
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.