From cybersecurity-skills
Audits AWS, GCP, and Azure infrastructure for misconfigurations, excessive permissions, and security gaps using CLI tools and IaC file review.
npx claudepluginhub briiirussell/cybersecurity-skills --plugin cybersecurity-skills
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:cloud-audit
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit cloud infrastructure configurations for misconfigurations, excessive permissions, public exposure, and compliance gaps. Covers AWS, GCP, and Azure.
Audit cloud infrastructure configurations for misconfigurations, excessive permissions, public exposure, and compliance gaps. Covers AWS, GCP, and Azure.
Cross-references: iam-audit for the consultant-style IAM deep-dive (design / audit / migrate across identity providers and federation patterns) — this skill includes an IAM section but stays at the cloud-posture level; for role design, JIT access, workload identity federation, and migration plans, invoke iam-audit. container-audit for Kubernetes-specific posture sitting on top of cloud. secrets-audit for secrets-manager hygiene and rotation.
Findings should use the three-disposition rule (Fixed / Deferred / Accepted Risk) per owasp-audit's Report Format.
Identify:
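aws, gcloud, az) or reviewing IaC files (Terraform, CloudFormation, Pulumi)
AWS:
```bash
# Account-wide IAM counts (users, MFA devices, account MFA status)
aws iam get-account-summary
aws iam list-users
# Report generation is asynchronous; re-run if the report is not ready yet
aws iam generate-credential-report && aws iam get-credential-report --output text --query Content | base64 -d
```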
Check for: root account usage without MFA, access keys older than 90 days, unused credentials, wildcard permissions ("Action": "*"), overprivileged roles.
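The AWS checks above applied to the decoded credential report, as an added example that is not part of the skill itself. The sample rows and account ID are constructed and carry only a subset of the report's columns; the function name `audit_credential_report` is hypothetical.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # threshold named in the checklist above

# Constructed sample: credential-report CSV layout, subset of the real columns.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-20T08:00:00+00:00,false,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-30T12:00:00+00:00,true,true,2023-11-01T00:00:00+00:00,2024-05-29T00:00:00+00:00
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,2024-04-15T00:00:00+00:00,N/A
"""

def _ts(value):
    """Parse a report timestamp; 'N/A', 'no_information' or a missing column give None."""
    try:
        return datetime.fromisoformat(value or "")
    except ValueError:
        return None

def audit_credential_report(csv_text, now):
    """Return (user, finding) tuples; `now` must be timezone-aware."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        if user == "<root_account>" and row.get("mfa_active") != "true":
            findings.append((user, "root account without MFA"))
        if row.get("password_enabled") == "true" and _ts(row.get("password_last_used")) is None:
            findings.append((user, "console password enabled but never used"))
        for n in ("1", "2"):  # each user can hold two access keys
            if row.get(f"access_key_{n}_active") != "true":
                continue
            rotated = _ts(row.get(f"access_key_{n}_last_rotated"))
            if rotated and (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access key {n} older than {MAX_KEY_AGE_DAYS} days"))
            if _ts(row.get(f"access_key_{n}_last_used_date")) is None:
                findings.append((user, f"access key {n} active but never used"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: {finding}")
```

On a real account, pass the base64-decoded report text from the command above as `csv_text`.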
GCP:
```bash
gcloud projects get-iam-policy $PROJECT_ID
gcloud iam service-accounts list
```
Check for: primitive roles (Owner/Editor) on too many principals, unused service accounts, service account keys instead of workload identity.
Azure:
```bash
az role assignment list --all
az ad user list
```
Check for: excessive Owner/Contributor assignments, guest users with high privileges.
IaC review: Grep Terraform/CloudFormation files for "Action": "*", "Resource": "*", hardcoded secrets, overly broad trust policies.
Check for:
0.0.0.0/0 ingress
AWS S3:
```bash
aws s3api list-buckets
aws s3api get-public-access-block --bucket <name>
aws s3api get-bucket-policy --bucket <name>
aws s3api get-bucket-encryption --bucket <name>
```
Check for: public buckets, missing encryption, no versioning, no lifecycle policies, overly permissive bucket policies.
GCP/Azure: Equivalent checks for Cloud Storage and Blob Storage — look for allUsers/allAuthenticatedUsers access or anonymous blob access.
HttpTokens = required)
# Cloud Security Audit Report
## Account(s): [account ID(s)]
## Provider: [AWS/GCP/Azure]
## Regions: [audited regions]
## Date: [date]
### Summary
- Total findings: X
- Critical: X | High: X | Medium: X | Low: X
### Findings
#### [SEVERITY] [Category]: [Title]
**Resource:** [resource ARN/ID]
**Region:** [region]
**Issue:** [What the misconfiguration is]
**Risk:** [What an attacker could do]
**Evidence:** [CLI output or IaC snippet]
**Remediation:** [Specific fix command or IaC change]
---
### Prioritized Action Plan
1. [Critical — immediate]
2. [High — this week]
3. [Medium — this month]
4. [Low — next quarter]