aegisops-ai

Autonomous DevSecOps & FinOps Guardrails. Orchestrates Gemini 3 Flash to audit Linux Kernel patches, Terraform cost drifts, and K8s compliance.

25

Quality

16%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./plugins/antigravity-awesome-skills-claude/skills/aegisops-ai/SKILL.md
Quality

Discovery

32%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description attempts to cover a niche intersection of DevSecOps and FinOps but suffers from buzzword-heavy language ('Autonomous DevSecOps & FinOps Guardrails') without clearly explaining concrete actions or when to use the skill. The mention of 'Gemini 3 Flash' is confusing in a Claude skill context and adds no selection value. The lack of a 'Use when...' clause significantly hurts its utility for skill selection.

Suggestions

Add an explicit 'Use when...' clause with natural trigger phrases, e.g., 'Use when the user asks to review kernel patches for security issues, check Terraform plans for cost drift, or validate Kubernetes manifests against compliance policies.'

Replace vague action words like 'orchestrates' and 'audit' with specific concrete actions, e.g., 'Scans Linux kernel patch diffs for CVE patterns, compares Terraform plan costs against budgets, validates K8s manifests against CIS benchmarks.'

Remove or clarify the 'Gemini 3 Flash' reference — it's unclear why a Claude skill would orchestrate a competing model, and it doesn't help with skill selection.

| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names specific domains (Linux Kernel patches, Terraform cost drifts, K8s compliance) and some actions (audit, orchestrate), but the actions themselves are vague — 'orchestrates' and 'audit' lack concrete detail about what specific operations are performed (e.g., does it generate reports, block merges, flag violations?). | 2 / 3 |
| Completeness | Describes what it does (audits patches, cost drifts, compliance) but completely lacks any 'Use when...' clause or explicit trigger guidance. Per the rubric, a missing 'Use when...' clause should cap completeness at 2, and since the 'what' is also somewhat vague, this scores a 1. | 1 / 3 |
| Trigger Term Quality | Includes some relevant technical keywords like 'Terraform', 'K8s', 'Linux Kernel patches', 'cost drifts', and 'compliance', but these are fairly niche jargon. Missing natural user phrases like 'security audit', 'infrastructure costs', 'Kubernetes policy', 'patch review'. The term 'Gemini 3 Flash' is oddly specific and not something a user would search for. | 2 / 3 |
| Distinctiveness Conflict Risk | The combination of DevSecOps, FinOps, Linux Kernel patches, Terraform, and K8s is fairly specific and unlikely to conflict with generic skills. However, the broad umbrella terms 'DevSecOps' and 'FinOps' could overlap with other security or cost-management skills, and the description doesn't clearly delineate boundaries. | 2 / 3 |
| Total | | 7 / 12 |

Passed

Implementation

0%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill reads like a project README or marketing document rather than an actionable skill for Claude. It spends most of its tokens explaining concepts Claude already understands, describing problems at a high level, and using promotional language, while providing almost no concrete instructions on how to actually perform the audits. The absence of executable examples, specific module invocation patterns, input/output formats, and validation workflows makes this skill largely unusable.

Suggestions

Replace the problem/solution descriptions with concrete usage examples showing exact commands and expected inputs/outputs for each module (e.g., how to invoke patch_analyzer.py with a specific diff file and what the JSON output looks like).

Add explicit multi-step workflows with validation checkpoints for each audit type (e.g., '1. Extract diff → 2. Run analyzer → 3. Check severity in output → 4. If CRITICAL, block merge').

Remove all marketing language, emoji headers, and explanations of well-known concepts (UAF, IaC, Least Privilege) to reduce token usage by at least 50%.

Include example input/output pairs for each module so Claude knows the exact format expected (e.g., a sample terraform plan snippet and the corresponding audit report JSON structure).

| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is highly verbose, explaining concepts Claude already knows (what UAF is, what Terraform does, what Kubernetes security contexts are, what IaC is). It includes extensive marketing-style language ('Living Pipeline', 'Neural Patch Analysis', 'Deep Reasoning'), emoji decorations, and problem/solution descriptions that don't add actionable value. Much of the content reads like a README rather than a skill instruction. | 1 / 3 |
| Actionability | The skill provides almost no concrete, executable guidance for Claude. There are no code examples showing how to actually use the modules (patch_analyzer.py, cost_auditor.py, k8s_policy_generator.py), no example inputs/outputs, no API calls, and no specific commands beyond basic setup (clone, pip install, python3 main.py). Claude wouldn't know how to invoke individual modules or what arguments they accept. | 1 / 3 |
| Workflow Clarity | There is no clear multi-step workflow for performing any of the three core tasks. The skill describes what the modules do conceptually but never sequences the steps for actually running an audit, handling errors, or validating results. No validation checkpoints or feedback loops are present for these security-critical operations. | 1 / 3 |
| Progressive Disclosure | No bundle files are provided, yet the skill references multiple Python modules (patch_analyzer.py, cost_auditor.py, k8s_policy_generator.py) without any supporting documentation. The content is a monolithic wall of descriptive text with no clear navigation to detailed usage instructions. The structure mixes setup, conceptual descriptions, and best practices without clear hierarchy. | 1 / 3 |
| Total | | 4 / 12 |

Passed

Validation

90%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 10 / 11 Passed

Validation for skill structure

| Criteria | Description | Result |
|---|---|---|
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | | 10 / 11 |

Passed

Repository
sickn33/antigravity-awesome-skills
Reviewed
