headless-cloud-security

Sysdig Headless Cloud Security

Summary

Sysdig's cloud security expertise, packaged as agent skills that work natively in your AI environment.

Description

Headless Cloud Security brings Sysdig's runtime-grounded security knowledge directly into Claude, so security teams can onboard, investigate, and operate cloud security workflows without leaving their AI environment.

Built for enterprises that have adopted coding agents as part of their standard toolchain, Headless Cloud Security packages over a decade of cloud security expertise as reusable skills covering environment onboarding, vulnerability management, risk analysis, and runtime threat investigation. Every action is designed to keep humans in control, with structured logging for full auditability.

Sysdig's runtime layer, powered by Falco, provides the high-fidelity, deterministic signals that make agent-driven security workflows trustworthy. The platform adapts to how your security program operates, not the other way around.

Public Beta Terms

Thank you for downloading the Public Beta/early preview release of the Sysdig Headless Cloud Security plugin (the “Plugin”). Customer’s use of the Plugin is voluntary and at Customer’s sole discretion. Customer use is subject to these Public Beta Terms (the “Terms”).

By downloading, installing, or using the Plugin, Customer represents and agrees that:

• The individual accepting or using the Plugin is authorized to bind Customer and Customer’s organization to these Terms;
• The Plugin is intended to operate solely within Customer’s internal AI tool that is compatible with the Plugin for Customer’s internal business purposes;
• The Plugin constitutes a beta, preview, or other non-generally available offering and is subject to the applicable preview release, beta feature, trial use, warranty disclaimer, limitation of liability, and related provisions set forth in the commercial purchase agreement, master subscription agreement, or other governing agreement between Customer and Sysdig;
• The Plugin incorporates agentic artificial intelligence capabilities, which may act autonomously or semi-autonomously based on Customer prompts, configured parameters, permissions, policies, and instructions to generate outputs, make recommendations, make decisions, or take actions on Customer’s behalf.

Customer acknowledges and agrees that Customer is solely responsible for: (i) reviewing, validating, monitoring, and supervising all outputs, decisions, recommendations, and actions generated or taken by the Plugin; and (ii) ensuring the accuracy, completeness, legality, appropriateness, and security of any resulting outputs, actions, or downstream effects.

The Plugin is provided “as is” and “as available,” without warranties of any kind, and Customer assumes all risks arising from or related to its download, installation, use, outputs, and operation.

How to use

Once installed, describe what you need in plain language. Examples:

• "Onboard my AWS account to Sysdig"
• "Show me the highest-risk vulnerabilities in production"
• "Investigate this runtime alert and tell me if it's exploitable"

Prerequisites

• A Sysdig Secure account with API access
• A Sysdig API token — generate one under Settings → Sysdig Secure API in your Sysdig instance
• A supported AI coding agent — Claude Code is the primary target; Cursor, OpenAI Codex, and OpenCode can use the bare skills via Compatibility with other agents
• Python 3 — required by skill scripts (uses stdlib only, no pip install needed)

Set up credentials

Skills auto-discover Sysdig credentials from your environment. Export them in your shell profile:

export SYSDIG_SECURE_URL="https://us2.app.sysdig.com"     # your Sysdig region URL
export SYSDIG_SECURE_API_TOKEN="your-api-token"

Sysdig region URLs:

Region	URL
US East (us1)	https://secure.sysdig.com
US West — Oregon (us2)	https://us2.app.sysdig.com
US West — GCP (us3)	https://app.us3.sysdig.com
US West — GCP Dallas (us4)	https://app.us4.sysdig.com
EU Central — Frankfurt (eu1)	https://eu1.app.sysdig.com
EU North — Stockholm (eu2)	https://app.eu2.sysdig.com
AP Sydney (au1)	https://app.au1.sysdig.com
AP Mumbai (in1)	https://app.in1.sysdig.com
ME South — Dammam (me2)	https://app.me2.sysdig.com

Never paste credentials in chat. Skills read them from environment variables only.

Install in Claude Code

/plugin marketplace add sysdig/skills
/plugin install headless-cloud-security@sysdig-skills

The marketplace install loads everything automatically: the plugin skills, the Sysdig MCP server (.mcp.json), and any per-skill MCP server dependencies declared in agents/*.yaml.

Compatibility with other agents