cloud-penetration-testing

Conducts comprehensive security assessments of cloud infrastructures across Azure, AWS, and GCP, identifying vulnerabilities and misconfigurations.

Install this skill

0/100

Security score

The cloud-penetration-testing skill was audited on May 12, 2026 and we found 33 security issues across 5 threat categories, including 3 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 34

Piping content to bash shell

SourceSKILL.md

34	curl https://sdk.cloud.google.com \| bash

medium line 30

Curl to non-GitHub URL

SourceSKILL.md

30	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

medium line 34

Curl to non-GitHub URL

SourceSKILL.md

34	curl https://sdk.cloud.google.com \| bash

medium line 67

Curl to non-GitHub URL

SourceSKILL.md

67	curl "https://login.microsoftonline.com/[email protected]&xml=1"

medium line 70

Curl to non-GitHub URL

SourceSKILL.md

70	curl "https://login.microsoftonline.com/target.com/v2.0/.well-known/openid-configuration"

medium line 266

Curl to non-GitHub URL

SourceSKILL.md

266	curl http://169.254.169.254/latest/meta-data/

medium line 267

Curl to non-GitHub URL

SourceSKILL.md

267	curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

medium line 270

Curl to non-GitHub URL

SourceSKILL.md

270	TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

medium line 271

Curl to non-GitHub URL

SourceSKILL.md

271	curl http://169.254.169.254/latest/meta-data/profile -H "X-aws-ec2-metadata-token: $TOKEN"

medium line 342

Curl to non-GitHub URL

SourceSKILL.md

342	curl "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=text" -H "Metadata-Flavor: Google"

medium line 345

Curl to non-GitHub URL

SourceSKILL.md

345	curl http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes -H 'Metadata-Flavor:Google'

high line 386

Curl to non-GitHub URL

SourceSKILL.md

386	\| Metadata \| `curl http://169.254.169.254/latest/meta-data/` \|

high line 398

Curl to non-GitHub URL

SourceSKILL.md

398	\| Metadata \| `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/...` \|

low line 357

Access to hidden dotfiles in home directory

SourceSKILL.md

357	sudo cp -r /home/user/.config/gcloud ~/.config

medium line 347

Access to system keychain/keyring

SourceSKILL.md

347	# Decrypt data with keyring

medium line 348

Access to system keychain/keyring

SourceSKILL.md

348	gcloud kms decrypt --ciphertext-file=encrypted.enc --plaintext-file=out.txt --key <key> --keyring <keyring> --location global

low line 30

External URL reference

SourceSKILL.md

30	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

low line 34

External URL reference

SourceSKILL.md

34	curl https://sdk.cloud.google.com \| bash

low line 67

External URL reference

SourceSKILL.md

67	curl "https://login.microsoftonline.com/[email protected]&xml=1"

low line 70

External URL reference

SourceSKILL.md

70	curl "https://login.microsoftonline.com/target.com/v2.0/.well-known/openid-configuration"

low line 266

External URL reference

SourceSKILL.md

266	curl http://169.254.169.254/latest/meta-data/

low line 267

External URL reference

SourceSKILL.md

267	curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

low line 270

External URL reference

SourceSKILL.md

270	TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

low line 271

External URL reference

SourceSKILL.md

271	curl http://169.254.169.254/latest/meta-data/profile -H "X-aws-ec2-metadata-token: $TOKEN"

low line 342

External URL reference

SourceSKILL.md

342	curl "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=text" -H "Metadata-Flavor: Google"

low line 345

External URL reference

SourceSKILL.md

345	curl http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes -H 'Metadata-Flavor:Google'

low line 386

External URL reference

SourceSKILL.md

386	\| Metadata \| `curl http://169.254.169.254/latest/meta-data/` \|

low line 398

External URL reference

SourceSKILL.md

398	\| Metadata \| `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/...` \|

low line 404

External URL reference

SourceSKILL.md

404	\| AWS \| `http://169.254.169.254/latest/meta-data/` \|

low line 405

External URL reference

SourceSKILL.md

405	\| Azure \| `http://169.254.169.254/metadata/instance?api-version=2018-02-01` \|

low line 406

External URL reference

SourceSKILL.md

406	\| GCP \| `http://metadata.google.internal/computeMetadata/v1/` \|

low line 449

External URL reference

SourceSKILL.md

449	python fire.py --access_key <key> --secret_access_key <secret> --region us-east-1 --url https://login.microsoft.com --command create

low line 453

External URL reference

SourceSKILL.md

453	Invoke-MSOLSpray -UserList .\users.txt -Password "Spring2024!" -URL https://<api-gateway>.execute-api.us-east-1.amazonaws.com/fireprox

Scanned on May 12, 2026

View Security Dashboard

Installation guide →

GitHub Stars 21.5K

Rate this skill

Categorydevelopment

UpdatedMay 20, 2026

frontend docx api database testing devops backend security-engineer devops-sre ml-ai-engineer aws azure gcp development

sickn33/antigravity-awesome-skills