granted
Simplifies AWS role assumption and multi-account access using the Granted CLI for efficient cloud management.
Install this skill
Security score
The granted skill was audited on Mar 1, 2026 and we found 30 security issues across 4 threat categories, including 6 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Wget to non-GitHub URL
| 362 | wget -O- https://apt.releases.commonfate.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/common-fate-linux.gpg |
Access to hidden dotfiles in home directory
| 105 | grep -E '^\[profile ' ~/.aws/config | sed 's/\[profile //;s/\]//' |
Access to hidden dotfiles in home directory
| 182 | # ~/.aws/config |
Access to hidden dotfiles in home directory
| 213 | Settings stored in `~/.granted/`: |
Access to hidden dotfiles in home directory
| 226 | granted completion -s zsh >> ~/.zshrc |
Access to hidden dotfiles in home directory
| 227 | granted completion -s fish >> ~/.config/fish/completions/granted.fish |
Access to hidden dotfiles in home directory
| 261 | grep -A5 'my-profile' ~/.aws/config |
Access to hidden dotfiles in home directory
| 264 | echo $AWS_CONFIG_FILE # Should be empty or ~/.aws/config |
Access to hidden dotfiles in home directory
| 304 | --ex, --export Export credentials to ~/.aws/credentials |
Access to hidden dotfiles in home directory
| 305 | --es, --export-sso-token Export SSO token to ~/.aws/sso/cache |
Access to AWS credentials directory
| 105 | grep -E '^\[profile ' ~/.aws/config | sed 's/\[profile //;s/\]//' |
Access to AWS credentials directory
| 182 | # ~/.aws/config |
Access to AWS credentials directory
| 261 | grep -A5 'my-profile' ~/.aws/config |
Access to AWS credentials directory
| 264 | echo $AWS_CONFIG_FILE # Should be empty or ~/.aws/config |
Access to AWS credentials directory
| 304 | --ex, --export Export credentials to ~/.aws/credentials |
Access to AWS credentials directory
| 305 | --es, --export-sso-token Export SSO token to ~/.aws/sso/cache |
Access to .env file
| 16 | | `assume <profile> -y --env` | Assume and export to .env file | |
Access to .env file
| 146 | ### Pattern 6: Export to .env File |
Access to .env file
| 148 | The `--env` flag writes credentials to a `.env` file. It prompts to create the file if it doesn't exist. |
Access to .env file
| 151 | # Will prompt "Create .env file?" if not present - use -y to auto-accept |
Access to .env file
| 157 | # If .env already exists, it updates without prompting |
Access to .env file
| 158 | touch .env && assume my-profile --env |
Access to .env file
| 161 | **Note**: The `-y` flag auto-accepts creating the .env file. Without it, the command waits for interactive confirmation. |
Access to .env file
| 303 | -e, --env Export credentials to .env file (prompts to create) |
Access to .env file
| 318 | -y, --confirm Skip confirmation prompts (e.g., .env creation) |
Access to system keychain/keyring
| 362 | wget -O- https://apt.releases.commonfate.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/common-fate-linux.gpg |
Access to system keychain/keyring
| 363 | echo "deb [signed-by=/usr/share/keyrings/common-fate-linux.gpg] https://apt.releases.commonfate.io stable main" | sudo tee /etc/apt/sources.list.d/common-fate.list |
External URL reference
| 184 | sso_start_url = https://mycompany.awsapps.com/start |
External URL reference
| 362 | wget -O- https://apt.releases.commonfate.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/common-fate-linux.gpg |
External URL reference
| 363 | echo "deb [signed-by=/usr/share/keyrings/common-fate-linux.gpg] https://apt.releases.commonfate.io stable main" | sudo tee /etc/apt/sources.list.d/common-fate.list |
Install this skill with one command
/learn @zach-source/granted