From azure-inspector
Expertise in evaluating Azure subscription findings from azure-inspector and mapping them to SCF controls.
How this skill is triggered — by the user, by Claude, or both
Slash command
/azure-inspector:azure-inspector-expertThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill when interpreting `azure-inspector` findings or explaining Azure control gaps.
Use this skill when interpreting azure-inspector findings or explaining Azure control gaps.
Entra ID
| SCF | Check | Typical outcome |
|---|---|---|
| IAC-01.1 | MFA posture needs Graph/authentication-method verification | inconclusive when Azure CLI cannot prove coverage |
| IAC-04 | Enabled Conditional Access policies exist | high fail if none found |
Storage accounts
| SCF | Check | Severity |
|---|---|---|
| CRY-05 | Blob/file encryption enabled | high if disabled |
| DCH-01.2 | Blob public access disabled | critical if allowed |
| CRY-06 | Minimum TLS version is TLS 1.2 or later | medium |
Key Vault
| SCF | Check | Severity |
|---|---|---|
| BCD-11 | Soft delete and purge protection | high/medium |
| IAC-07.2 | Azure RBAC authorization preferred over access policies | medium |
Monitor + Defender for Cloud
| SCF | Check | Severity |
|---|---|---|
| MON-02 | Subscription Activity Log diagnostic export configured | high |
| MON-01.2 | Defender for Cloud Standard plan enabled | high |
inconclusive as an evidence gap, not a pass. Entra MFA coverage often needs Microsoft Graph permissions beyond basic Azure Reader.not_applicable document as a scope signal, not a security defect. Example: no Key Vaults found.allowBlobPublicAccess=true is a high-risk configuration even when no container is currently public because it permits future public ACLs.az login is valid but the principal lacks subscription Reader.Policy.Read.All.allowBlobPublicAccess=false, enforce TLS 1.2+, and keep service encryption enabled.v0.1.0 does not inspect network security groups, Azure Policy assignments, VM disk encryption, AKS, SQL, Sentinel analytics, or Defender recommendations. Mark those as future connector coverage unless separate evidence is supplied.
4plugins reuse this skill
First indexed Jul 18, 2026
Guides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
Synthesizes the current conversation into a structured spec (PRD) and publishes it to the project issue tracker with a ready-for-agent label, without interviewing the user.
npx claudepluginhub vantainc/claude-grc-engineering --plugin azure-inspector