cloud-penetration-testing

Conducts comprehensive security assessments of cloud infrastructures across Azure, AWS, and GCP, identifying vulnerabilities and misconfigurations.

Install this skill

0/100

Security score

The cloud-penetration-testing skill was audited on May 31, 2026 and we found 32 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 28

Curl to non-GitHub URL

SourceSKILL.md

28	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

medium line 34

Curl to non-GitHub URL

SourceSKILL.md

34	curl -fsSLo "$tmpdir/google-cloud-sdk-install.sh" https://sdk.cloud.google.com

medium line 69

Curl to non-GitHub URL

SourceSKILL.md

69	curl "https://login.microsoftonline.com/[email protected]&xml=1"

medium line 72

Curl to non-GitHub URL

SourceSKILL.md

72	curl "https://login.microsoftonline.com/target.com/v2.0/.well-known/openid-configuration"

medium line 268

Curl to non-GitHub URL

SourceSKILL.md

268	curl http://169.254.169.254/latest/meta-data/

medium line 269

Curl to non-GitHub URL

SourceSKILL.md

269	curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

medium line 272

Curl to non-GitHub URL

SourceSKILL.md

272	TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

medium line 273

Curl to non-GitHub URL

SourceSKILL.md

273	curl http://169.254.169.254/latest/meta-data/profile -H "X-aws-ec2-metadata-token: $TOKEN"

medium line 344

Curl to non-GitHub URL

SourceSKILL.md

344	curl "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=text" -H "Metadata-Flavor: Google"

medium line 347

Curl to non-GitHub URL

SourceSKILL.md

347	curl http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes -H 'Metadata-Flavor:Google'

high line 388

Curl to non-GitHub URL

SourceSKILL.md

388	\| Metadata \| `curl http://169.254.169.254/latest/meta-data/` \|

high line 400

Curl to non-GitHub URL

SourceSKILL.md

400	\| Metadata \| `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/...` \|

low line 359

Access to hidden dotfiles in home directory

SourceSKILL.md

359	sudo cp -r /home/user/.config/gcloud ~/.config

medium line 349

Access to system keychain/keyring

SourceSKILL.md

349	# Decrypt data with keyring

medium line 350

Access to system keychain/keyring

SourceSKILL.md

350	gcloud kms decrypt --ciphertext-file=encrypted.enc --plaintext-file=out.txt --key <key> --keyring <keyring> --location global

low line 28

External URL reference

SourceSKILL.md

28	curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

low line 34

External URL reference

SourceSKILL.md

34	curl -fsSLo "$tmpdir/google-cloud-sdk-install.sh" https://sdk.cloud.google.com

low line 69

External URL reference

SourceSKILL.md

69	curl "https://login.microsoftonline.com/[email protected]&xml=1"

low line 72

External URL reference

SourceSKILL.md

72	curl "https://login.microsoftonline.com/target.com/v2.0/.well-known/openid-configuration"

low line 268

External URL reference

SourceSKILL.md

268	curl http://169.254.169.254/latest/meta-data/

low line 269

External URL reference

SourceSKILL.md

269	curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

low line 272

External URL reference

SourceSKILL.md

272	TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")

low line 273

External URL reference

SourceSKILL.md

273	curl http://169.254.169.254/latest/meta-data/profile -H "X-aws-ec2-metadata-token: $TOKEN"

low line 344

External URL reference

SourceSKILL.md

344	curl "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=text" -H "Metadata-Flavor: Google"

low line 347

External URL reference

SourceSKILL.md

347	curl http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes -H 'Metadata-Flavor:Google'

low line 388

External URL reference

SourceSKILL.md

388	\| Metadata \| `curl http://169.254.169.254/latest/meta-data/` \|

low line 400

External URL reference

SourceSKILL.md

400	\| Metadata \| `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/...` \|

low line 406

External URL reference

SourceSKILL.md

406	\| AWS \| `http://169.254.169.254/latest/meta-data/` \|

low line 407

External URL reference

SourceSKILL.md

407	\| Azure \| `http://169.254.169.254/metadata/instance?api-version=2018-02-01` \|

low line 408

External URL reference

SourceSKILL.md

408	\| GCP \| `http://metadata.google.internal/computeMetadata/v1/` \|

low line 451

External URL reference

SourceSKILL.md

451	python fire.py --access_key <key> --secret_access_key <secret> --region us-east-1 --url https://login.microsoft.com --command create

low line 455

External URL reference

SourceSKILL.md

455	Invoke-MSOLSpray -UserList .\users.txt -Password "Spring2024!" -URL https://<api-gateway>.execute-api.us-east-1.amazonaws.com/fireprox

Scanned on May 31, 2026

View Security Dashboard

Installation guide →

GitHub Stars 39.2K

Rate this skill

Categorydevelopment

UpdatedJune 10, 2026

frontend docx api database testing devops backend security-engineer devops-sre ml-ai-engineer aws azure gcp development

sickn33/antigravity-awesome-skills