CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

cloud-audit

gebalamariusz/cloud-audit
59STDIOregistry active
Summary

Connects Claude to the cloud-audit scanner, which walks AWS environments to find attack chains and IAM privilege escalation paths. You get tools to run full scans, generate blast radius graphs from a seed resource (EC2 instance, IAM role, Lambda, S3 bucket), detect active threat patterns from recent incidents, and simulate fixes before applying them. The blast radius command runs offline against saved scan data and outputs tree, Mermaid, or JSON formats you can drop into the live visualizer. Useful when you're triaging findings and need to answer "what can an attacker reach if this one resource is compromised" or "which fix collapses the most exposure." The threat feed checks for cryptomining, leaked credential scanners, and CVE patterns tied to 2025-2026 campaigns with research references attached.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

cloud-audit logo

cloud-audit

English | 简体中文

Find AWS attack paths, IAM escalation routes, and the fixes that matter most.

Open-source, read-only AWS security scanner. It correlates findings into attack chains, ranks fixes by how many chains they break, and ships an AWS CLI + Terraform fix with every finding. No agent, no infrastructure, nothing written to your account.

PyPI version Python versions CI License: MIT Docker Documentation

Quick Start - What You Get - Installation - What's Checked - Documentation

Quick Start

pip install cloud-audit
cloud-audit scan          # uses your default AWS credentials and region

No AWS account handy? Run a full sample report offline:

cloud-audit demo

cloud-audit is read-only. It never modifies your infrastructure; SecurityAudit is enough (permissions).

Example Output

+---- Attack Chains (5 detected) -----------------------------------+
|  CRITICAL  Internet-Exposed Admin Instance                        |
|            i-0abc123 - public SG + admin IAM role + IMDSv1        |
|  CRITICAL  IAM Privilege Escalation via iam:PassRole              |
|            ci-deploy-role - 3-step path to admin                  |
|  CRITICAL  CI/CD to Admin Takeover                                |
|            github-deploy - OIDC without sub + admin policy        |
+-------------------------------------------------------------------+

+---- Remediation Plan ---------------------------------------------+
|  Fix 4 root causes, break 22 attack chains                        |
|  Quick wins (effort LOW, 14 chains):                              |
|    1. Restrict SG ingress on sg-0abc123   -> breaks 8 chains      |
|    2. Add OIDC sub condition              -> breaks 6 chains      |
+-------------------------------------------------------------------+

Preview a fix before you touch anything:

cloud-audit simulate --fix aws-vpc-002
# Score 34 -> 58 (+24)  |  Chains broken 8 of 22  |  Findings resolved 11

What You Get

  • Attack chains // 31 rules correlate individual findings into exploitable paths (MITRE ATT&CK + pathfinding.cloud). docs
  • Root-cause fixes // groups findings by shared cause and ranks them: "fix 4 things, break 22 chains," with a what-if simulate to preview impact. docs
  • IAM privilege escalation // 64 methods across 9 categories, including lateral movement through the AssumeRole graph. docs
  • Blast radius // walk outward from any resource to see what an attacker reaches; export JSON to the live visualizer. docs
  • Proof Mode // scan --verify checks each escalation path against the IAM policy simulator (read-only) and flags the ones the principal can actually perform. docs
  • Data perimeter // resource-policy checks for confused-deputy and cross-org exposure, evaluating condition values (not just their presence). docs
  • AgentCore security // checks for Amazon Bedrock AgentCore AI agents: network mode, MMDSv2, memory encryption, gateway authorizer. docs
  • Threat Feed // 10 detectors for active-abuse patterns from 2025-2026 incidents, each with a primary-source citation. docs
  • Remediation on every finding // copy-paste AWS CLI + reviewable Terraform you apply yourself; security findings also carry a USD breach-cost estimate with sources.
  • Trend & drift // cloud-audit diff catches ClickOps drift between scans; cloud-audit trend tracks posture over time.

blast-audit visualizer - executive briefing view
Drop a cloud-audit blast-radius --format json export into the open visualizer at blast-audit.haitmg.pl - everything runs in your browser.

Reports

cloud-audit scan --format html  -o report.html    # client-ready
cloud-audit scan --format sarif -o results.sarif  # GitHub Code Scanning
cloud-audit scan --format json  -o report.json    # machine-readable
cloud-audit scan --format markdown -o report.md   # PR comments

CI/CD

- run: pip install cloud-audit
- run: cloud-audit scan --format sarif --output results.sarif
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

--quiet exits with a code only: 0 clean, 1 findings, 2 error. Gate on severity with --min-severity high. Ready-made workflows: basic scan, daily diff, post-deploy.

Installation

pip install cloud-audit                              # pip (recommended)
pipx install cloud-audit                             # isolated
docker run ghcr.io/gebalamariusz/cloud-audit scan   # Docker

Docker with credentials:

docker run -v ~/.aws:/home/cloudaudit/.aws:ro ghcr.io/gebalamariusz/cloud-audit scan

AWS Permissions

Read-only. Attach the AWS-managed SecurityAudit policy (covers every check, including IAM escalation analysis):

aws iam attach-role-policy --role-name auditor \
  --policy-arn arn:aws:iam::aws:policy/SecurityAudit

cloud-audit never modifies your infrastructure. simulate runs locally against scan data and makes no AWS calls.

What's Checked

110 checks across 25 AWS services - IAM, S3, EC2, VPC, RDS, KMS, CloudTrail, GuardDuty, Lambda, Secrets Manager, Bedrock, SageMaker, Bedrock AgentCore, DynamoDB, and more. Run cloud-audit list-checks, or see the full check reference.

6 compliance frameworks via scan --compliance <id>: CIS AWS v3.0 and SOC 2 Type II (stable), plus ISO 27001:2022, HIPAA, NIS2, and BSI C5:2020 (beta). docs

MCP server for AI agents - 6 read-only tools (scan_aws, get_findings, get_attack_chains, get_remediation, get_health_score, list_checks):

claude mcp add cloud-audit -- uvx --from cloud-audit cloud-audit-mcp
Common flags and configuration
cloud-audit scan -R                                      # show remediation inline
cloud-audit scan --profile prod --regions eu-central-1   # profile / region
cloud-audit scan --regions all                           # all enabled regions
cloud-audit scan --role-arn arn:aws:iam::...:role/audit  # cross-account
cloud-audit scan --export-fixes fixes.sh                 # export all fixes

Configure defaults in .cloud-audit.yml (regions, min_severity, exclude_checks, time-boxed suppressions). Environment variables (CLOUD_AUDIT_REGIONS, CLOUD_AUDIT_MIN_SEVERITY, ...) override the file; CLI flags override everything. See the configuration guide.

Documentation

Full documentation at haitmg.pl/cloud-audit: getting started, attack chains, IAM escalation, blast radius, Proof Mode, data perimeter, AgentCore, compliance, and the full check reference.

Commercial Support

cloud-audit is free and stays free. If you want a human on the findings, the author offers professional services:

  • Scanner output review (free) - send your cloud-audit / Prowler / Security Hub output, get a short written review of what actually matters and what to fix first
  • AWS security audit - full account audit with a prioritized report and ready-to-apply fixes
  • Remediation support - Terraform and IAM changes, verified against your workloads
  • Palo Alto VM-Series on AWS - architecture and security review (GWLB/TGW, HA, routing)

Details: haitmg.pl/cloud-audit-support or email kontakt@haitmg.pl.

Development

git clone https://github.com/gebalamariusz/cloud-audit.git
cd cloud-audit
pip install -e ".[dev]"
pytest -q && ruff check src/ tests/ && mypy src/

See CONTRIBUTING.md to add a check. Past releases in CHANGELOG.md.

License

MIT - Mariusz Gebala / HAIT

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Categories
Cloud & InfrastructureSecurity & Pentesting
Registryactive
Packagecloud-audit
TransportSTDIO
UpdatedApr 17, 2026
View on GitHub

Related Cloud & Infrastructure MCP Servers

View all →
K8s

silenceper/mcp-k8s

Provides Kubernetes resource management and Helm operations via MCP for easy automation and LLM integration.
145
Containerization Assist

azure/containerization-assist

TypeScript MCP server for AI-powered containerization workflows with Docker and Kubernetes support
41
AWS Builder

io.github.evozim/aws-builder

AWS CloudFormation and Terraform infrastructure blueprint builder.
Kubernetes

strowk/mcp-k8s-go

MCP server connecting to Kubernetes
381
Kubernetes

reza-gholizade/k8s-mcp-server

Provides a standardized MCP interface to interact with Kubernetes clusters, enabling resource management, metrics, logs, and events.
156
MCP Server Kubernetes

flux159/mcp-server-kubernetes

Provides unified Kubernetes management via MCP, enabling kubectl-like operations, Helm interactions, and observability.
1.4k