aws-penetration-testing
Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.
81
Quality
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/aws-penetration-testing/SKILL.mdQuality
Discovery
82%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong, technically specific description that clearly communicates the skill's offensive security focus on AWS environments. The main weakness is the absence of an explicit 'Use when...' clause, which would help Claude know exactly when to select this skill. The technical depth and specific technique enumeration make it highly distinctive.
Suggestions
Add an explicit 'Use when...' clause, e.g., 'Use when the user asks about AWS security testing, cloud pentesting, red team exercises targeting AWS, or exploiting AWS services.'
Consider adding trigger variations like 'cloud security assessment', 'AWS attack techniques', or 'offensive AWS security' to capture more natural user phrasings.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques'. These are distinct, actionable security testing activities. | 3 / 3 |
Completeness | Clearly answers 'what does this do' with comprehensive technique coverage, but lacks an explicit 'Use when...' clause or equivalent trigger guidance. The 'when' is only implied through context (red team operations, penetration testing). | 2 / 3 |
Trigger Term Quality | Includes strong natural keywords users would say: 'penetration testing', 'AWS', 'IAM', 'privilege escalation', 'SSRF', 'S3 bucket', 'Lambda', 'red team'. These cover both technical terms and common variations security professionals use. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche combining AWS cloud security with offensive security techniques. The specific combination of 'penetration testing AWS' with detailed technique names (SSRF to metadata endpoint, Lambda code extraction) creates clear differentiation from general AWS or general security skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a comprehensive and highly actionable AWS penetration testing skill with executable commands and clear organization. The main weaknesses are missing validation checkpoints for risky operations (IAM modifications, CloudTrail disabling) and some minor verbosity in introductory sections. The progressive disclosure is excellent with appropriate use of reference files for advanced content.
Suggestions
Add explicit validation steps after privilege escalation attempts (e.g., 'Verify escalation: aws sts get-caller-identity' after each technique)
Include rollback/cleanup commands alongside destructive operations like CloudTrail disabling
Remove the redundant 'When to Use' section and trim the Purpose section since it duplicates the description
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is reasonably efficient but includes some unnecessary elements like the purpose section restating the description, and the 'When to Use' section adds no value. The tables and command references are well-organized but could be tighter. | 2 / 3 |
Actionability | Provides fully executable commands and code throughout - AWS CLI commands are copy-paste ready, Python code is complete, and specific tool commands are provided with exact syntax. Examples include real command structures with placeholder values. | 3 / 3 |
Workflow Clarity | Steps are listed in a logical sequence (enumeration → exploitation → persistence), but lacks explicit validation checkpoints. For destructive operations like disabling CloudTrail or modifying IAM policies, there are no verification steps or rollback procedures documented. | 2 / 3 |
Progressive Disclosure | Well-structured with clear sections, a quick reference table for common tasks, and appropriate delegation to an advanced reference file. Content is organized from basic enumeration to advanced techniques with clear navigation. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
90%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 10 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 10 / 11 Passed | |
- Repository
- sickn33/antigravity-awesome-skills
- Commit
9c177eb
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.