Skill

implementing-cloud-workload-protection

From asi

Implements cloud workload protection using boto3/google-cloud APIs for EC2/GCE runtime security: process anomaly detection, file integrity monitoring, cryptomining/reverse shell scans.

Python

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When deploying or configuring implementing cloud workload protection capabilities in your environment

SKILL.md

Similar Skills

implementing-cloud-workload-protection

5.9k

Implements runtime security for EC2/GCE instances using boto3/Google Cloud APIs: detects cryptominers, reverse shells, file changes, and unauthorized binaries via process/network scans.

3 files

cybersecurity-skills

implementing-cloud-workload-protection

Implements runtime security monitoring for EC2/GCE instances using boto3 and google-cloud APIs. Detects crypto miners, reverse shells, unauthorized binaries; checks file integrity and network connections. For cloud workload protection.

3 files

cybersecurity-skills-zh

detecting-cloud-threats-with-guardduty

Deploys and operationalizes Amazon GuardDuty for AWS threat detection across accounts and workloads, enabling S3/EKS/EC2/Lambda protections, interpreting findings, and automating responses with EventBridge/Lambda.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Implementing Cloud Workload Protection

When to Use

When deploying or configuring implementing cloud workload protection capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Prerequisites

Familiarity with cloud security concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.

import boto3 ssm = boto3.client("ssm") # Run command on EC2 instances to check for suspicious processes response = ssm.send_command( InstanceIds=["i-1234567890abcdef0"], DocumentName="AWS-RunShellScript", Parameters={"commands": ["ps aux | grep -E 'xmrig|minerd|cryptonight'"]}, )

Key protection areas:

Process monitoring for cryptominers and reverse shells

File integrity monitoring on critical system files

Network connection auditing for C2 callbacks

Resource utilization anomaly detection (CPU spikes)

Unauthorized binary detection via hash comparison

Examples

# Check for unauthorized outbound connections ssm.send_command( InstanceIds=instances, DocumentName="AWS-RunShellScript", Parameters={"commands": ["ss -tlnp | grep ESTABLISHED"]}, )