# Evaluate Technology Stack Decisions

Engineering teams need objective comparisons before choosing frameworks, platforms, or migration paths. This skill turns project context into weighted scores, cost estimates, security checks, and decision-ready recommendations.

## Install

```bash
npx skillstore add alirezarezvani/tech-stack-evaluator
```

## Metadata

- Slug: alirezarezvani-tech-stack-evaluator
- Version: 1.0.0
- Author: alirezarezvani
- GitHub username: alirezarezvani
- License: MIT
- Repository: https://github.com/alirezarezvani/claude-skills/tree/main/engineering-team/tech-stack-evaluator
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: low
- Risk factors: scripts, filesystem, env_access
- Quality score: 77
- Quality tier: bronze
- Public page: https://skillstore.pages.dev/skills/alirezarezvani-tech-stack-evaluator
- Manifest: https://skillstore.pages.dev/api/skills/alirezarezvani-tech-stack-evaluator/manifest

## Capabilities

- Compares frameworks, languages, databases, and cloud providers with weighted scoring criteria.
- Calculates total cost of ownership using licensing, hosting, training, migration, and scaling inputs.
- Assesses security posture and compliance readiness for GDPR, SOC2, HIPAA, and PCI-DSS checklists.
- Estimates migration complexity, effort, timeline, risks, and recommended migration approach.
- Generates executive summaries and detailed markdown reports for desktop or CLI contexts.
- Parses conversational text, JSON-like input, YAML-like input, and URL lists for evaluation requests.

## Use Cases

- Choose a Frontend Framework: Compare React, Vue, Svelte, and Angular for a product team with specific skills, timelines, and maintainability goals.
- Plan a Cloud Provider Decision: Evaluate AWS, Azure, and Google Cloud for workload fit, cost drivers, team readiness, and long-term platform risk.
- Review Stack Compliance Gaps: Assess whether a proposed application stack has the security features needed for SOC2, GDPR, HIPAA, or PCI-DSS planning.

## Prompt Templates

### Compare Two Options

```
Compare React and Vue for a SaaS dashboard. Focus on developer experience, ecosystem maturity, performance, and hiring risk.
```

### Evaluate a Proposed Stack

```
Evaluate this stack for a real-time collaboration product: Next.js, Node.js, PostgreSQL, Redis, WebSockets, and AWS. Include strengths, risks, and a recommendation.
```

### Estimate Ownership Cost

```
Calculate a five-year TCO comparison for AWS and Azure. Team size is 12 developers, hosting is currently 8000 dollars per month, and usage grows 25 percent yearly.
```

### Build a Migration Decision Report

```
Assess migration from AngularJS to React for a 75000-line application with 300 components. Include effort, timeline, risks, rollback strategy, SOC2 impact, and decision confidence.
```

## Limitations

- It does not fetch live GitHub, npm, cloud pricing, or CVE data by itself.
- Cost, security, and ecosystem results depend on the data and assumptions provided by the user.
- Compliance output is planning guidance, not legal certification or an audit opinion.
- Closed-source and internal tools need user-provided metrics before meaningful comparison.

## Best Practices

- Provide the use case, team skills, timeline, budget constraints, and decision priorities before asking for a recommendation.
- Use explicit weights when one factor, such as security or cost, matters more than general platform popularity.
- Review assumptions in the TCO, security, and migration sections before using the report for approval.

## Anti-Patterns

- Do not use it as the only source for production security or compliance certification.
- Do not compare many unrelated technologies without a clear use case and weighted criteria.
- Do not treat default cost estimates as final budgets without replacing them with internal numbers.

## Security Audit

- Safe to publish: true
- Audited at: 2026-06-28T09:09:28.421+00:00
- Summary: The static analyzer reported a critical heuristic, but review found no command execution, network client usage, secret harvesting, obfuscation, or prompt injection attempt. Most high and medium matches are false positives from markdown examples, security terminology, URL parsing, and technology evaluation vocabulary. Residual risk is low: the skill contains Python scripts, checks one non-secret environment variable, and can write a report to a caller-provided filename.

## Stats

- Views: 194
- Downloads: 5
- Favorites: 0
- Popularity score: 0
