Run any Skill in Manus with one click

add-check

Stars11

Forks3

UpdatedApril 28, 2026 at 09:22

Scaffold a new IAM policy validation check with proper structure, tests, and registration. Use when the user wants to add a new check, create a new validation rule, scaffold a check, or implement a new policy check. Triggers on "/add-check", "add a new check", "create a new validation check", or "scaffold a check".

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

boogy

boogy/iam-policy-validator

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Information Security AnalystsComputer and Mathematical Occupations·SOC 15-1212

File Explorer

2 files

SKILL.md

readonly

name	add-check
description	Scaffold a new IAM policy validation check with proper structure, tests, and registration. Use when the user wants to add a new check, create a new validation rule, scaffold a check, or implement a new policy check. Triggers on "/add-check", "add a new check", "create a new validation check", or "scaffold a check".

Add Check

Scaffold a new IAM policy validation check end-to-end.

Workflow

Given the check name argument: $ARGUMENTS

1. Parse Check Name

Convert to snake_case for check_id (e.g., my_check)
Convert to PascalCase for class name (e.g., MyCheck)
If no argument, ask for: check name, description, severity

2. Ask Clarifying Questions

What does this check validate?
What severity level? (low, medium, high, critical, error, warning)
What check type?
- Statement-level (execute) — runs per statement. For individual actions, resources, conditions.
- Policy-level (execute_policy) — runs per policy. For cross-statement validation, aggregate analysis, policy-wide constraints.
- Combined (both) — for checks needing both per-statement AND policy-wide analysis.
What issue_type category? (e.g., overly_permissive, invalid_action, policy_structure)

3. Create Check File

Create iam_validator/checks/{check_name}.py using the appropriate template from references/templates.md.

4. Update Imports

Add to iam_validator/checks/__init__.py:

from iam_validator.checks.{check_name} import {CheckName}Check
# Add "{CheckName}Check" to __all__

5. Register the Check

Add to iam_validator/core/check_registry.py in create_default_registry():

registry.register(checks.{CheckName}Check())

6. Create Test File

Create tests/checks/test_{check_name}_check.py using the appropriate test template from references/templates.md.

7. Verify

uv run ruff check iam_validator/checks/{check_name}.py
uv run ruff format iam_validator/checks/{check_name}.py
uv run pytest tests/checks/test_{check_name}_check.py -v

8. Update Defaults

Update iam_validator/core/config/defaults.py with new check's default config
Update examples/configs/full-reference-config.yaml

9. Update Documentation

CHANGELOG.md: Add entry under ### Added for the in-progress version
iam_validator/checks/CLAUDE.md: Add a row to the "Built-in checks" table
docs/user-guide/checks/: Add a page if user-facing

Reference Checks by Type

Statement-Level: wildcard_action.py, wildcard_resource.py, action_validation.py, condition_key_validation.py

Policy-Level: sid_uniqueness.py, policy_size.py, policy_structure.py, policy_type_validation.py

Combined: action_condition_enforcement.py, sensitive_action.py

Examples

/add-check require_vpc_restriction — statement-level
/add-check duplicate_permission_detection — policy-level
/add-check tag_enforcement — will ask for type

More from this repository

same repository

iam-policy-validator

boogy/iam-policy-validator

Validate, analyze, and query AWS IAM policies with the iam-policy-validator CLI, and export findings as JSON for a second agent to verify and post to a GitHub PR. Use when checking, validating, linting, or auditing IAM identity, resource, or trust policies, SCPs, or RCPs; when the user mentions wildcard actions, privilege escalation, sensitive actions, confused deputy, or overly permissive policies; when querying which AWS actions, condition keys, or ARNs a service supports (or which actions support a condition key); when running AWS IAM Access Analyzer; or when exporting SARIF/Markdown/HTML/JSON findings for PR review. CLI-based alternative to the MCP server.

2026-06-1711

fix-issue

boogy/iam-policy-validator

Analyze and fix a GitHub issue for the iam-policy-validator project. Use when the user wants to fix a GitHub issue, resolve a bug report, or implement a feature request from an issue. Triggers on "/fix-issue", "fix issue

2026-04-2811

review

boogy/iam-policy-validator

Comprehensive code review of recent changes in the iam-policy-validator project. Use when the user wants a code review, quality check, or audit of recent changes. Triggers on "/review", "review my changes", "code review", or "check code quality".

2026-04-2811

update-claude-md

boogy/iam-policy-validator

Analyse codebase and generate a hierarchical CLAUDE.md system optimized for Claude Code. Use when the user wants to update, regenerate, or create CLAUDE.md files, set up project documentation for Claude Code, or optimize the CLAUDE.md hierarchy. Triggers on "/update-claude-md", "update CLAUDE.md", "regenerate CLAUDE.md", or "set up Claude Code docs".

2026-04-2811

name	add-check
description	Scaffold a new IAM policy validation check with proper structure, tests, and registration. Use when the user wants to add a new check, create a new validation rule, scaffold a check, or implement a new policy check. Triggers on "/add-check", "add a new check", "create a new validation check", or "scaffold a check".

Add Check

Scaffold a new IAM policy validation check end-to-end.

Workflow

Given the check name argument: $ARGUMENTS

1. Parse Check Name

Convert to snake_case for check_id (e.g., my_check)
Convert to PascalCase for class name (e.g., MyCheck)
If no argument, ask for: check name, description, severity

2. Ask Clarifying Questions

What does this check validate?
What severity level? (low, medium, high, critical, error, warning)
What check type?
- Statement-level (execute) — runs per statement. For individual actions, resources, conditions.
- Policy-level (execute_policy) — runs per policy. For cross-statement validation, aggregate analysis, policy-wide constraints.
- Combined (both) — for checks needing both per-statement AND policy-wide analysis.
What issue_type category? (e.g., overly_permissive, invalid_action, policy_structure)

3. Create Check File

Create iam_validator/checks/{check_name}.py using the appropriate template from references/templates.md.

4. Update Imports

Add to iam_validator/checks/__init__.py:

from iam_validator.checks.{check_name} import {CheckName}Check
# Add "{CheckName}Check" to __all__

5. Register the Check

Add to iam_validator/core/check_registry.py in create_default_registry():

registry.register(checks.{CheckName}Check())

6. Create Test File

Create tests/checks/test_{check_name}_check.py using the appropriate test template from references/templates.md.

7. Verify

uv run ruff check iam_validator/checks/{check_name}.py
uv run ruff format iam_validator/checks/{check_name}.py
uv run pytest tests/checks/test_{check_name}_check.py -v

8. Update Defaults

Update iam_validator/core/config/defaults.py with new check's default config
Update examples/configs/full-reference-config.yaml

9. Update Documentation

CHANGELOG.md: Add entry under ### Added for the in-progress version
iam_validator/checks/CLAUDE.md: Add a row to the "Built-in checks" table
docs/user-guide/checks/: Add a page if user-facing

Reference Checks by Type

Statement-Level: wildcard_action.py, wildcard_resource.py, action_validation.py, condition_key_validation.py

Policy-Level: sid_uniqueness.py, policy_size.py, policy_structure.py, policy_type_validation.py

Combined: action_condition_enforcement.py, sensitive_action.py

Examples

/add-check require_vpc_restriction — statement-level
/add-check duplicate_permission_detection — policy-level
/add-check tag_enforcement — will ask for type