auditing-aws-s3-bucket-permissions
Systematically audit AWS S3 bucket permissions to identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, and missing encryption settings using AWS CLI, S3audit, and Prowler to enforce least-privilege data access controls.
62
73%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/auditing-aws-s3-bucket-permissions/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, naming concrete actions, security concerns, and specific tools. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The trigger terms are naturally aligned with what users would say when dealing with S3 security concerns.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about S3 security, bucket access auditing, public bucket exposure, or AWS storage compliance checks.'
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: audit S3 bucket permissions, identify publicly accessible buckets, overly permissive ACLs, misconfigured bucket policies, missing encryption settings. Also names specific tools: AWS CLI, S3audit, and Prowler. | 3 / 3 |
Completeness | Clearly answers 'what does this do' with detailed capabilities, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied by the nature of the actions described. | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'S3 bucket permissions', 'publicly accessible buckets', 'ACLs', 'bucket policies', 'encryption settings', 'AWS CLI', 'S3audit', 'Prowler', 'least-privilege'. These cover a wide range of terms a user concerned about S3 security would naturally use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly specific niche: AWS S3 bucket security auditing with named tools. Unlikely to conflict with other skills due to the narrow focus on S3 permissions, ACLs, bucket policies, and specific tooling like S3audit and Prowler. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable S3 audit skill with executable commands throughout. Its main weaknesses are verbosity (explaining concepts Claude already knows, like what ACLs and bucket policies are) and missing validation/feedback loops after remediation steps. The content would benefit from trimming explanatory sections and adding explicit verification checkpoints.
Suggestions
Remove or drastically reduce the 'Key Concepts' table — Claude already knows what ACLs, bucket policies, and encryption are. Keep only project-specific or non-obvious definitions.
Add explicit validation steps after remediation in Step 7, e.g., re-run `get-public-access-block` to confirm changes took effect, and include a feedback loop for handling failures.
Split the Common Scenarios, Output Format, and Tools sections into separate reference files to improve progressive disclosure and reduce the main skill's token footprint.
Trim the 'Tools & Systems' descriptions to just tool names and their specific role in this workflow, removing general descriptions Claude already knows.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably well-structured but includes unnecessary sections like the 'Key Concepts' table defining terms Claude already knows (ACL, bucket policy, server-side encryption, CIS benchmarks). The 'When to Use' and 'Do not use' sections are somewhat verbose. The 'Tools & Systems' section also explains tools at a level Claude doesn't need. However, the core workflow steps are fairly efficient. | 2 / 3 |
Actionability | The skill provides fully executable bash commands and Python snippets throughout all workflow steps. Commands are copy-paste ready with proper AWS CLI syntax, JMESPath queries, and inline Python for policy analysis. Remediation commands are concrete and specific. | 3 / 3 |
Workflow Clarity | The 7-step workflow is clearly sequenced and logically ordered from enumeration through remediation. However, it lacks explicit validation checkpoints and feedback loops — there's no step to verify that remediation was successful (e.g., re-running checks after applying Block Public Access), and no error handling guidance for common failures like permission denied or missing analyzers. For a destructive/security-critical operation like modifying bucket policies, this is a notable gap. | 2 / 3 |
Progressive Disclosure | The content is a monolithic document with no references to external files despite being quite long (~200+ lines). The Key Concepts table, Common Scenarios section, and Output Format template could be split into separate reference files. However, the internal organization with clear headers is decent, and since no bundle files exist, the single-file approach is understandable but not ideal for this amount of content. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- mukul975/Anthropic-Cybersecurity-Skills
- Commit
9a588e6
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.