Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
51
41%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cloud-penetration-testing/SKILL.md
Quality
Discovery
32%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
The description identifies a clear domain (cloud security across Azure, AWS, GCP) but remains too high-level in describing specific actions and completely lacks explicit trigger guidance ('Use when...'). It would benefit from listing concrete assessment activities and adding natural trigger terms users would employ when requesting cloud security reviews.
Suggestions
Add a 'Use when...' clause with explicit triggers, e.g., 'Use when the user asks for cloud security audits, infrastructure vulnerability assessments, compliance reviews, or misconfiguration checks on Azure, AWS, or GCP environments.'
List specific concrete actions instead of the vague 'comprehensive security assessments', e.g., 'Reviews IAM policies, audits network security groups, checks encryption configurations, evaluates compliance posture, identifies misconfigurations.'
Include additional natural trigger terms users might say, such as 'cloud audit', 'security posture', 'cloud compliance', 'misconfiguration detection', 'CIS benchmarks', or 'cloud hardening'.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Names the domain (cloud infrastructure security) and the three major cloud providers, but 'comprehensive security assessments' is a broad action rather than listing specific concrete actions like 'review IAM policies, audit network configurations, check encryption settings'. | 2 / 3 |
| Completeness | Describes what it does (security assessments of cloud infrastructure) but completely lacks a 'Use when...' clause or any explicit trigger guidance for when Claude should select this skill. Per rubric guidelines, a missing 'Use when...' clause caps completeness at 2, and the 'what' itself is also somewhat vague, warranting a score of 1. | 1 / 3 |
| Trigger Term Quality | Includes good cloud provider keywords (Azure, AWS, GCP) and 'security assessments' and 'cloud infrastructure', but misses common user variations like 'cloud security audit', 'vulnerability scan', 'compliance check', 'misconfiguration', 'IAM review', or abbreviations users might naturally use. | 2 / 3 |
| Distinctiveness Conflict Risk | The focus on cloud infrastructure security across three specific providers gives it some distinctiveness, but 'comprehensive security assessments' is broad enough to potentially overlap with general security review skills, compliance skills, or cloud architecture skills. | 2 / 3 |
| Total | 7 / 12 Passed | |
Implementation
50%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill excels at actionability with comprehensive, executable commands across Azure, AWS, and GCP, but suffers from extreme verbosity and redundancy. The workflow is logically sequenced but lacks validation checkpoints critical for security assessment operations. The content would benefit significantly from splitting platform-specific details into separate files and adding verification steps throughout.
Suggestions
Split platform-specific phases (Azure, AWS, GCP) into separate referenced files to reduce the main skill from ~400 lines to a concise overview with navigation links.
Remove the quick reference tables or the detailed phase commands — having both is redundant. Keep the tables in the main file and move detailed workflows to per-platform reference files.
Add explicit validation checkpoints after exploitation and persistence phases (e.g., 'Verify the service principal was created: Get-MsolServicePrincipal -AppPrincipalId <id>', 'Confirm access key works: aws sts get-caller-identity --profile backdoor').
Remove the 'Required Knowledge' section and trim the 'Purpose' section — Claude already understands cloud architecture, IAM, and API authentication.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is extremely verbose at ~400+ lines, with significant redundancy between the detailed phases and the quick reference tables. It includes prerequisite knowledge sections ('Required Knowledge') that explain concepts Claude already knows, and the 'Purpose' section restates the description. The quick reference tables duplicate commands already shown in the workflow phases. | 1 / 3 |
| Actionability | The skill provides fully executable, copy-paste ready commands across all three cloud platforms. Every phase includes concrete CLI commands, PowerShell scripts, and bash commands with specific syntax, flags, and expected outputs. The examples section provides complete, realistic scenarios. | 3 / 3 |
| Workflow Clarity | The 11 phases are clearly sequenced and logically ordered (recon → auth → enum → exploit → persist per platform), but there are no validation checkpoints or feedback loops. For operations involving persistence mechanisms (creating backdoor accounts, service principals) and exploitation (extracting secrets, running commands on VMs), the absence of verification steps and error recovery guidance is a significant gap. | 2 / 3 |
| Progressive Disclosure | There is one reference to an advanced scripts file, but the main document is monolithic with massive inline content that could be split per-platform or per-phase. The quick reference tables at the end provide some structure, but the bulk of the content (all 11 phases) is inline when platform-specific details could be in separate referenced files. | 2 / 3 |
| Total | 8 / 12 Passed | |
Validation
81%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
| skill_md_line_count | SKILL.md is long (510 lines); consider splitting into references/ and linking | Warning |
| frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
| Total | 9 / 11 Passed | |
93c57b2