From asi
Detects risky OAuth application consent grants in Azure AD/Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent attacks. For SOC analysts and threat hunting.
npx claudepluginhub plurigrid/asi --plugin asiThis skill uses the workspace's default tool permissions.
Illicit consent grant attacks trick users into granting excessive permissions to malicious OAuth applications in Azure AD / Microsoft Entra ID. This skill uses the Microsoft Graph API to enumerate OAuth2 permission grants, analyze application permissions for overly broad scopes, review directory audit logs for consent events, and flag high-risk applications based on publisher verification statu...
Detects illicit OAuth consent grants in Azure AD/Entra ID via Microsoft Graph API, audit logs, and permission analysis. Flags risky apps for security incident response and threat hunting.
Detects high-risk OAuth app consent grants in Azure AD/Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent attacks.
Performs OAuth 2.0 scope minimization reviews to identify over-permissioned third-party apps, excessive API scopes, unused token grants, and risky consents in Entra ID, Okta, and SaaS platforms. For audits and compliance.
Share bugs, ideas, or general feedback.
Illicit consent grant attacks trick users into granting excessive permissions to malicious OAuth applications in Azure AD / Microsoft Entra ID. This skill uses the Microsoft Graph API to enumerate OAuth2 permission grants, analyze application permissions for overly broad scopes, review directory audit logs for consent events, and flag high-risk applications based on publisher verification status and permission scope.
Application.Read.All, AuditLog.Read.All, Directory.Read.Allmsal, requests/oauth2PermissionGrantsConsent to application events