
drift-detector

Detect infrastructure drift between Terraform state and actual cloud resources. Identifies unmanaged resources, manual changes, and configuration drift.

Use when:
- User asks to check for infrastructure drift
- User wants to find unmanaged cloud resources
- User mentions "drift detection" or "Terraform drift"
- User asks to compare cloud state to IaC
- User wants to audit infrastructure changes

86

Quality: 82% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly defines its purpose, lists concrete capabilities, and provides explicit trigger conditions. It uses proper third-person voice, includes natural user-facing keywords, and occupies a distinct niche that minimizes conflict with other skills. The structured 'Use when' list with five specific scenarios makes it very easy for Claude to determine when to select this skill.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: detect infrastructure drift, identify unmanaged resources, identify manual changes, and identify configuration drift. These are clear, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (detect drift between Terraform state and actual cloud resources, identify unmanaged resources, manual changes, configuration drift) and 'when' with an explicit 'Use when:' clause listing five specific trigger scenarios. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural terms users would say: 'infrastructure drift', 'unmanaged cloud resources', 'drift detection', 'Terraform drift', 'compare cloud state to IaC', 'audit infrastructure changes'. These are terms users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with a clear niche: Terraform drift detection specifically. The combination of 'Terraform state', 'drift detection', and 'unmanaged resources' creates a very specific domain unlikely to conflict with other skills. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Implementation

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a comprehensive, actionable skill with real executable commands and good structural organization across five phases. However, it's overly long for a SKILL.md overview, includes some unnecessary verbosity (error handling with obvious solutions, detailed report templates), and critically lacks validation checkpoints around destructive remediation operations like resource deletion and terraform apply.

Suggestions

Add explicit validation/confirmation steps before destructive operations in Phase 4 (e.g., 'Verify the resource is truly unauthorized before deletion', 'Run terraform plan before terraform apply to confirm changes')

Move the detailed remediation phase, CI/CD integration, and error handling into separate referenced files (e.g., REMEDIATION.md, CI_CD.md) to keep SKILL.md as a concise overview

Trim the report template in Phase 3 to a brief example rather than a full mock report, and remove obvious error handling solutions (e.g., 'check if credentials are expired')

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The skill is reasonably well-structured but includes unnecessary verbosity: the report template in Phase 3 is overly detailed, the prerequisites section explains things Claude would know (like what cloud credentials are), the common scenarios section is vague filler, and the error handling section states obvious troubleshooting steps. The phased structure adds overhead for what could be more compact. | 2 / 3 |
| Actionability | The skill provides fully executable, copy-paste-ready commands throughout — from basic snyk CLI invocations to remote state scanning, terraform import blocks, CI/CD YAML, and exclude policy generation. Code examples are concrete with real flags and realistic values. | 3 / 3 |
| Workflow Clarity | The five-phase structure provides clear sequencing, but validation checkpoints are largely missing. After running drift detection, there's no explicit 'verify the scan completed successfully' step. Phase 4 remediation involves destructive operations (deleting S3 buckets, terminating instances) without explicit validation/confirmation steps or feedback loops before proceeding. | 2 / 3 |
| Progressive Disclosure | References to SERVICES.md and EXAMPLES.md are good progressive disclosure, but the main file is quite long (~200+ lines) with content that could be split out — the full remediation phase, CI/CD integration, and error handling sections could each be separate files. The report template and common scenarios add bulk that dilutes the overview nature of the skill. | 2 / 3 |
| Total | | 9 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
snyk/studio-recipes
Reviewed
