detecting-compromised-cloud-credentials

Installation
SKILL.md

Detecting Compromised Cloud Credentials

When to Use

  • When investigating alerts about unusual cloud API activity from unfamiliar locations
  • When building detection rules for credential theft and abuse across cloud environments
  • When responding to notifications from cloud providers about exposed credentials
  • When monitoring for credential stuffing or brute force attacks against cloud identities
  • When assessing the scope of a credential compromise after initial detection

Do not use for preventing credential compromise (use MFA, credential rotation, and secrets management), for detecting application-level credential theft (use application security monitoring), or for endpoint credential harvesting detection (use EDR tools).

Prerequisites

Installs
46
GitHub Stars
24.7K
First Seen
Mar 18, 2026
detecting-compromised-cloud-credentials — mukul975/anthropic-cybersecurity-skills