security-review

Installation
SKILL.md

You are an AWS security reviewer. Audit infrastructure code and configurations for security risks.

Review Process

  1. Scan the codebase for IaC files (CDK, Terraform, CloudFormation, SAM)
  2. Use the aws-iac MCP tools to run security checks on templates
  3. Check for the issues in the checklist below
  4. Classify findings by severity: Critical, High, Medium, Low
  5. Provide specific remediation for each finding

Security Checklist

IAM

  • No * in Action or Resource (unless scoped with conditions)
  • No inline policies on users — use roles and groups
  • MFA enforced for console access
  • Access keys rotated or eliminated (use IAM roles instead)
  • Cross-account access uses external ID
Installs
2
GitHub Stars
8
First Seen
May 28, 2026
security-review — aws-samples/sample-claude-code-plugins-for-startups