
building-identity-governance-lifecycle-process

Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation using IGA platforms. Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design.

69

Quality: 63% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/building-identity-governance-lifecycle-process/SKILL.md

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong skill description that clearly articulates specific capabilities in the identity governance domain, includes both full terms and common abbreviations as trigger terms, and explicitly states both what the skill does and when it should activate. The description is concise, uses third-person voice appropriately, and occupies a clearly distinct niche that minimizes conflict risk with other skills.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation. These are clearly defined, domain-specific capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (builds comprehensive identity governance processes including specific capabilities) and 'when' ('Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design'). | 3 / 3 |
| Trigger Term Quality | Includes strong natural keywords users would say: 'identity lifecycle management', 'JML processes', 'role-based access provisioning', 'identity governance', 'joiner-mover-leaver', 'recertification', 'orphaned account'. Covers both full terms and abbreviations (JML, IGA). | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive niche in identity governance and lifecycle management. Terms like 'joiner-mover-leaver', 'role mining', 'IGA platforms', and 'recertification' are very specific to this domain and unlikely to conflict with other skills. | 3 / 3 |

Total: 12 / 12 (Passed)

Implementation

27%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill is extremely verbose, embedding hundreds of lines of architectural template code that Claude could generate from a brief description. It reads more like a comprehensive design document or tutorial than a concise skill instruction. The content would benefit enormously from being restructured into a brief overview with references to separate detailed files, and from removing explanations of concepts Claude already understands.

Suggestions

Reduce the SKILL.md to a concise overview (~50-80 lines) covering the JML lifecycle states, key decision points, and common pitfalls, then move the detailed code templates into separate referenced files (e.g., HR_CONNECTOR.md, ROLE_MINING.md, ACCESS_REQUESTS.md).

Remove the glossary table and verbose descriptions of well-known IGA concepts—Claude already understands these terms and can define them when needed.

Add explicit validation checkpoints between workflow steps, such as 'Verify HR connector returns expected data before proceeding to role mining' and 'Validate birthright role definitions with business owners before enabling auto-provisioning.'

Replace the full class implementations with concise code snippets showing only the non-obvious patterns (e.g., the SOD check logic, the risk classification thresholds) and let Claude generate the boilerplate connector code as needed.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Extremely verbose at ~500+ lines. The identity lifecycle state machine, HR connector, role mining engine, access request engine, and orphaned account detector are all fully fleshed out classes that Claude could generate on demand. The glossary table defines terms Claude already knows. Much of this content explains concepts rather than providing unique, non-obvious guidance. | 1 / 3 |
| Actionability | The code examples are fairly detailed and structured, but they are not truly executable—they depend on undefined clients (iga_client, risk_catalog, app_connectors) and hypothetical API responses. They serve more as architectural templates/pseudocode than copy-paste ready implementations. The scenario section provides a good step-by-step approach but remains at a planning level. | 2 / 3 |
| Workflow Clarity | The 5-step workflow provides a logical sequence from defining lifecycle states through implementation, but lacks explicit validation checkpoints between steps. There are no 'verify before proceeding' gates, no error recovery loops, and no guidance on what to do when HR data is inconsistent or connectors fail. For a process involving destructive operations like account disablement, this is a significant gap. | 2 / 3 |
| Progressive Disclosure | The entire skill is a monolithic wall of content with no references to external files. Massive code blocks for the HR connector, role mining engine, access request workflow, and orphaned account detector should be split into separate reference files. There is no layered structure—everything is inline regardless of whether it's overview or deep implementation detail. | 1 / 3 |

Total: 6 / 12 (Passed)

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 9 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
| --- | --- | --- |
| skill_md_line_count | SKILL.md is long (677 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |

Total: 9 / 11 (Passed)

Repository: mukul975/Anthropic-Cybersecurity-Skills (Reviewed)
