--- name: cscore-check display_name: C-Score Check description: "Check c-scores for AWS account IDs using Columbo (primary) with Baywatch as fallback. Use when the user asks to check c-scores, verify account fraud status, look up account risk scores, or flag accounts with low c-scores. After presenting results, offer to proceed with Matador allowlisting or MS-Form c-score upgrade if the score indicates restricted access — this invokes the 'bedrock-capacity-request' skill. Requires browser authentication via Midway." icon: "🛡ī¸" trigger: check c-scores inputs: - name: account_ids description: "Comma-separated list of AWS Account IDs (12-digit) to check c-scores for (e.g. '444975673530, 123456789012')" type: string required: true - name: region description: "AWS region code for Baywatch fallback (e.g. 'IAD', 'DUB', 'PDX'). Only needed if Columbo fails. If not provided and Baywatch is needed, ask the user." type: string required: false tools: [run_python, file_write, open_in_session_tab, browser_navigate, browser_screenshot, browser_read_page, browser_run_js, browser_click, browser_type, browser_scroll, browser_wait, browser_new_tab] source: "slack:#quick-desktop-productivity" source_ts: "1780329518.886959" --- ## Overview This skill checks c-scores (containment scores) for AWS account IDs and produces an assessment based on **live Bedrock model access thresholds** fetched from the internal wiki. **Tool priority:** 1. **Columbo** (primary) — Direct URL lookup. Shows default c-score, regional scores, history, and account events. No region input needed. 2. **Baywatch** (fallback) — Only used if Columbo is entirely unreachable or returns no data. Requires a 3-letter region code. **Important:** C-score is a confidential internal mechanism and must NOT be shared with AWS customers. ## Wiki Reference **Source of truth:** `https://w.amazon.com/bin/view/BedrockLowCScoreQuotas` This wiki page contains the current c-score thresholds, model access tiers, and restriction policies. The skill reads this page at activation to ensure thresholds are always fresh. ## Workflow ### Step 1: Fetch Live Thresholds from Wiki Navigate to https://w.amazon.com/bin/view/BedrockLowCScoreQuotas and extract c-score threshold ranges, model access tiers, and restriction policies. **Fallback thresholds (last verified: 1 Jun 2026):** | C-Score Range | Access Level | |---|---| | < 210 | No Bedrock access at all | | 210–250 | Restricted RPM/TPD | | 251–300 | TPD restricted | | 301–349 | Daily cap $1K / no Opus 4.7 or Haiku 4.5 | | 350–600 | Opus 4.7/Haiku 4.5 with daily caps | | > 600 | Full access | ### Step 2: Parse Account IDs Validate each ID is exactly 12 digits numeric. ### Step 3: Look Up Each Account (Columbo Primary) Navigate to: `https://fraudtools.prod.us-east-1.columbo.fraud.aws.dev/#/investigations/globalsearch/33d23537-ac95-4061-abf1-20c1c19842ca?awsAccountId={account_id}` Extract: Default C-Score, C-Score Last Updated, Regional C-Scores, C-Score History. Fallback: Columbo search form UI, then Baywatch at `https://ec2-baywatch-prod-iad.iad.proxy.amazon.com/pages/accountInfo?accountId={account_id}®ion={region}`. ### Step 4: Assess and Flag Determine access tier and flag: - ⛔ Score < 210 — No Bedrock access - ⚠ī¸ Score 210–300 — Restricted, needs allowlist - ⚠ī¸ Score 301–349 — No Opus 4.7/Haiku 4.5/GPT access - ℹī¸ Score 350–600 — Access with daily spend caps - ✅ Score > 600 — Full access ### Step 5: Generate Report Save markdown report to `artifacts/cscore-report.md` with summary table, per-account details, and thresholds reference. ### Step 6: Suggest Next Actions Decision card with relevant follow-up options: - Score < 210: "Raise c-score to 210 via FIT RIVER workflow" - Score 210–349: "Submit c-score upgrade form (MS Form)" / "Allowlist on Matador" - Score 350+: "Submit capacity request on Matador" When user selects an action, invoke the `bedrock-capacity-request` skill. ## Output Markdown report with c-score results, access tier assessment, flags, and decision card for next actions.