Exploring Agent based Cloud Review Capabilities
Aura InfoSec presents a Claude Code CLI plugin that performs semi-autonomous AWS cloud security reviews by combining AI-driven reasoning with active environment probing. Unlike rule-based scanners (e.g., Prowler), the plugin uses a loop-based validation structure that cross-references AWS CLI configuration data with live external probes (via nmap, curl, testssl.sh) to distinguish genuine exposures from expected configurations. It integrates PMapper for IAM privilege escalation path detection (PassRole abuse, role-hopping chains) and includes skills for blast radius assessment and PoC generation. The key differentiator is the config-vs-reality gap analysis: a resource may look private in API responses but be reachable via CloudFront, API Gateway, or misconfigured VPCs — the plugin flags these discrepancies. The lab environment includes deliberate false-positive traps to validate contextual reasoning over surface-level signal matching.