com um clique
cloudsplaining
cloudsplaining contém 9 skills coletadas de salesforce, com cobertura ocupacional por repositório e páginas de detalhe dentro do site.
Skills neste repositório
Open a generated cloudsplaining HTML report and QA it with the dogfood skill, focused on the Privilege Escalation findings. This skill should be used to visually verify a report renders correctly after onboarding a new technique or refreshing fixtures. It writes browser artifacts to a gitignored directory and never persists auth state.
Verify that regenerating cloudsplaining's example report does not silently drop findings. This skill should be used after changing PRIVILEGE_ESCALATION_METHODS or other constants, after editing examples/files/example.json, or before refreshing the committed example fixtures. It snapshots the current report, regenerates, runs a deterministic finding diff, and performs a dogfood visual comparison, failing if any finding disappeared.
Systematically explore a web application to find bugs and UX issues. Use when asked to dogfood, QA, exploratory test, or bug-hunt. Produces a structured report with screenshots, repro videos, and detailed steps for every finding.
Find bugs, security vulnerabilities, and code quality issues in local branch changes. Use when asked to review changes, find bugs, security review, or audit code on the current branch.
Iterate on a PR until actionable CI passes and high/medium review feedback is addressed. Use for PR CI failures, review feedback, or green-check loops; do not wait for human approval, draft status, or merge gates.
Closed-loop pipeline that takes a decided change (e.g. onboarding a pathfinding.cloud privilege-escalation technique) through implementation, code review, bug-hunt, report QA (example data and optionally a real AWS account), a pre-push safety scan, and a PR — never pushing to main. This skill should be used to drive a privesc-onboarding change end-to-end with minimal mid-run gates.
Add a single AWS IAM privilege-escalation technique (e.g. from pathfinding.cloud) to cloudsplaining's detection. This skill should be used when the method name and required action list are already decided — it is a pure executor, not a planner. It updates constants.py with TDD, regenerates fixtures with a regression check, and updates the docs.
Run cloudsplaining against a REAL AWS account for QA, writing all output to a gitignored directory and never committing live data. This skill should be used to validate detections end-to-end against real IAM data. It selects an AWS profile interactively, forces output under .live-scans/, QAs the report, and wipes the output afterward.
Take a GitHub issue or proposal, research it against this repo, frame 2-3 options, and help the user decide — then emit a plan and optionally launch the mega-pipeline. This skill should be used to turn an incoming proposal (e.g. a pathfinding.cloud privesc path) into a decided, planned, ready-to-execute change.