What infrastructure tools does this skill support?

It supports major cloud providers including AWS, GCP, and Azure, alongside IaC frameworks like Terraform and Pulumi, and Kubernetes manifests.

How does it help with IAM roles?

It identifies wildcard permissions and over-privileged roles, providing specific recommendations to apply least-privilege policies.

Can it detect hardcoded secrets in my code?

Yes, it scans .env files, variable definitions, and resource configurations for hardcoded passwords, API keys, and unencrypted strings.

Does it help with SOC2 or HIPAA compliance?

Yes, it includes specialized checklists and validation rules to ensure your infrastructure meets specific requirements for major compliance standards.

Infrastructure Security Reviewer

Name: Infrastructure Security Reviewer
Author: physics91

byphysics91

0•

보안 및 테스팅

Audits infrastructure-as-code and cloud configurations to identify security vulnerabilities, hardcoded secrets, and compliance gaps.

The Infrastructure Security Reviewer skill is a specialized tool for Claude Code designed to perform deep security audits of cloud environments and infrastructure-as-code (IaC). it automatically detects critical risks such as hardcoded secrets, over-permissive IAM roles, insecure network policies, and unencrypted storage across AWS, GCP, and Azure. By aligning configurations with industry standards like SOC2, HIPAA, and PCI, it provides actionable remediation steps and best practices to harden your infrastructure before deployment.

주요 기능

010 GitHub stars

02Automated secrets scanning for IaC, environment files, and variables

03Encryption-at-rest and in-transit verification for storage and databases

04Compliance readiness checks for SOC2, HIPAA, and PCI standards

05Deep IAM and RBAC analysis to enforce least-privilege access

06Network policy validation for Kubernetes and cloud security groups

사용 사례

01Identifying and migrating hardcoded secrets to managed services like AWS Secrets Manager or Vault

02Hardening Kubernetes clusters by enforcing strict NetworkPolicies and RBAC configurations

03Performing a comprehensive pre-deployment security audit on Terraform or Pulumi scripts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add physics91/claude-vibe infra-security-reviewer

For use in Claude.ai and ChatGPT

Download Skill