Connects Claude to the cloud-audit scanner, which walks AWS environments to find attack chains and IAM privilege escalation paths. You get tools to run full scans, generate blast radius graphs from a seed resource (EC2 instance, IAM role, Lambda, S3 bucket), detect active threat patterns from recent incidents, and simulate fixes before applying them. The blast radius command runs offline against saved scan data and outputs tree, Mermaid, or JSON formats you can drop into the live visualizer. Useful when you're triaging findings and need to answer "what can an attacker reach if this one resource is compromised" or "which fix collapses the most exposure." The threat feed checks for cryptomining, leaked credential scanners, and CVE patterns tied to 2025-2026 campaigns with research references attached.
claude mcp add --transport stdio gebalamariusz-cloud-audit uvx cloud-audit