Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.
78
73%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/auditing-azure-active-directory-configuration/SKILL.md
Quality
Discovery
82%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent specificity, rich trigger terms, and a clearly distinctive niche in Azure AD security auditing. Its primary weakness is the absence of an explicit 'Use when...' clause, which would help Claude know precisely when to select this skill over others.
Suggestions
Add a 'Use when...' clause, e.g., 'Use when the user asks to audit Azure AD, review Entra ID security posture, check conditional access policies, or assess identity-related risks in Azure environments.'
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: auditing authentication policies, identifying risky role assignments, stale accounts, conditional access gaps, and guest user risks. Also names specific tools: AzureAD PowerShell, Microsoft Graph API, and ScoutSuite. | 3 / 3 |
| Completeness | The 'what' is well-covered with specific auditing actions and tools, but there is no explicit 'Use when...' clause or equivalent trigger guidance telling Claude when to select this skill. Per the rubric, a missing 'Use when...' clause caps completeness at 2. | 2 / 3 |
| Trigger Term Quality | Excellent coverage of natural keywords users would say: 'Entra ID', 'Azure Active Directory', 'authentication policies', 'role assignments', 'stale accounts', 'conditional access', 'guest user', 'AzureAD PowerShell', 'Microsoft Graph API', 'ScoutSuite'. These are terms a user working in this domain would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Microsoft Entra ID / Azure AD security auditing. The combination of specific security audit areas and named tools makes it very unlikely to conflict with other skills. | 3 / 3 |
| Total | 11 / 12 Passed | |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable Azure AD auditing skill with executable commands across all workflow steps. Its main weaknesses are verbosity from definitional content Claude doesn't need (Key Concepts, Tools descriptions), lack of validation checkpoints between steps, and a monolithic structure that would benefit from progressive disclosure via linked reference files. The hardcoded dates in sign-in log queries (2025-11-25, 2026-02-16) are also problematic as time-sensitive information.
Suggestions
Remove or drastically reduce the 'Key Concepts' table and 'Tools & Systems' descriptions—Claude already knows what Microsoft Entra ID, Conditional Access, and ScoutSuite are.
Add validation checkpoints after Steps 1-2, such as confirming Graph API permissions are sufficient before proceeding and verifying role assignment queries return expected results.
Replace hardcoded dates in queries (e.g., '2025-11-25', '2026-02-16') with dynamic date calculations like '$(Get-Date).AddDays(-90)' or '$(date -d "-7 days" +%Y-%m-%dT00:00:00Z)' to avoid time-sensitive brittleness.
Move the Common Scenarios section and Output Format template to separate referenced files to improve progressive disclosure and reduce the main skill's token footprint.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill includes a 'Key Concepts' table that explains terms like 'Microsoft Entra ID' and 'Conditional Access' which Claude already knows. The 'Tools & Systems' section similarly describes well-known tools. The 'When to Use' and 'Do not use' sections add value but the overall content could be tightened by removing definitional material. | 2 / 3 |
| Actionability | The skill provides fully executable PowerShell and Azure CLI commands throughout all steps, with specific Graph API endpoints, query filters, and output formatting. Commands are copy-paste ready with concrete field selections and filtering logic. | 3 / 3 |
| Workflow Clarity | The six steps are clearly sequenced and logically ordered, but there are no explicit validation checkpoints or feedback loops between steps. For a security audit involving potentially destructive remediation recommendations and complex API queries that may fail due to permissions, there should be verification steps (e.g., confirming Graph permissions before proceeding, validating API responses). | 2 / 3 |
| Progressive Disclosure | The content is a monolithic document with all details inline. The Key Concepts table, Tools & Systems section, and Common Scenarios section could be split into separate reference files. There are no references to external files for deeper dives, and the document is quite long for a SKILL.md overview. | 2 / 3 |
| Total | 9 / 12 Passed | |
Validation
90%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 10 / 11 Passed | |
888bbe4