skills/mukul975/anthropic-cybersecurity-skills/implementing-cloud-workload-protection

Implementing Cloud Workload Protection

Instructions

Monitor cloud workloads for runtime threats by checking process lists, network connections, file integrity, and resource utilization anomalies.

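import boto3

ssm = boto3.client("ssm")
# Run command on EC2 instances to check for suspicious processes.
# The [x]-style brackets stop grep from matching its own command line in ps.
# send_command is asynchronous: read the output later with
# get_command_invocation, using response["Command"]["CommandId"].
response = ssm.send_command(
    InstanceIds=["i-1234567890abcdef0"],
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ps aux | grep -E '[x]mrig|[m]inerd|[c]ryptonight'"]},
)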

Key protection areas:

  1. Process monitoring for cryptominers and reverse shells
  2. File integrity monitoring on critical system files
  3. Network connection auditing for C2 callbacks
  4. Resource utilization anomaly detection (CPU spikes)
  5. Unauthorized binary detection via hash comparison

Examples

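# Check for unauthorized outbound connections.
# `ss -l` lists only listening sockets, so it never shows ESTABLISHED ones;
# filter on connection state instead.
instances = ["i-1234567890abcdef0"]  # instance IDs to audit
ssm.send_command(
    InstanceIds=instances,
    DocumentName="AWS-RunShellScript",
    Parameters={"commands": ["ss -tnp state established"]},
)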
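
Added example, not part of the original skill: one way to triage the text returned by `ss -tnp state established`, flagging established connections whose peer falls outside an allowlist. The sample output, the `10.0.0.0/16` allowlist and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -Htnp state established` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
0      0      10.0.1.15:22        10.0.0.8:51544     users:(("sshd",pid=911,fd=4))
0      0      10.0.1.15:48112     198.51.100.23:4444 users:(("python3",pid=2210,fd=3))
0      0      10.0.1.15:39020     10.0.2.40:5432     users:(("gunicorn",pid=1503,fd=9))
0      0      [::ffff:10.0.1.15]:41000 [2001:db8::5]:443 users:(("curl",pid=3001,fd=5))
0      36     10.0.1.15:50514     203.0.113.9:443
"""

# Assumed allowlist: the VPC range only. Replace with your own networks.
ALLOWED_NETWORKS = ["10.0.0.0/16"]
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %iface scope
    ip = ipaddress.ip_address(host)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # treat ::ffff:a.b.c.d as plain IPv4
    return ip, int(port)


def find_unexpected_peers(ss_output, allowed=ALLOWED_NETWORKS):
    """Return one finding per connection whose peer is outside `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            # With the state filter ss omits the State column: peer is field 4.
            peer_ip, peer_port = split_endpoint(fields[3])
        except ValueError:
            continue  # header row or wildcard address
        if any(peer_ip.version == n.version and peer_ip in n for n in nets):
            continue
        m = PROC_RE.search(line)  # absent when ss lacks privileges to see it
        findings.append({
            "local": fields[2], "peer_ip": str(peer_ip), "peer_port": peer_port,
            "process": m.group(1) if m else None,
            "pid": int(m.group(2)) if m else None,
        })
    return findings
```

A finding with `process` set to `None` means `ss` could not attribute the socket to a process, which is worth following up on the host itself.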