cloud-collector

Evidence Collector Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "cloud-collector" with this command: npx skills add workstreet-compliance/cloud-collector/workstreet-compliance-cloud-collector-cloud-collector

Evidence Collector Skill

Automated compliance evidence collection for AWS, GCP, and Azure cloud environments.

When to Activate

Activate this skill when the user:

  • Asks to collect compliance evidence

  • Mentions SOC 2, ISO 27001, NIST 800-53, or CIS benchmarks

  • Requests audit documentation or evidence packages

  • Wants to verify security configurations across cloud providers

  • Asks about IAM policies, logging, encryption, or network security evidence

Prerequisites

Before running evidence collection, ensure:

AWS: Valid AWS credentials configured via:

  • Environment variables (AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY )

  • AWS credentials file (~/.aws/credentials )

  • IAM role (if running on EC2/Lambda)

  • Required permissions: iam:Get* , iam:List* , cloudtrail:Describe* , cloudtrail:Get* , s3:GetBucket* , s3:ListBucket , securityhub:Get* , kms:Describe* , kms:List* , ec2:Describe*

GCP: Valid GCP credentials configured via:

  • Application Default Credentials (gcloud auth application-default login )

  • Service account key file (GOOGLE_APPLICATION_CREDENTIALS )

  • Required roles: roles/iam.securityReviewer , roles/logging.viewer , roles/storage.objectViewer , roles/securitycenter.findingsViewer , roles/cloudkms.viewer , roles/compute.viewer

Azure: Valid Azure credentials configured via:

  • Azure CLI (az login )

  • Service principal environment variables

  • Required roles: Reader , Security Reader , Key Vault Reader

Usage Patterns

Collect All Evidence for a Cloud Provider

from scripts.aws_evidence import AWSEvidenceCollector from scripts.output_formatter import EvidenceFormatter

Collect AWS evidence

collector = AWSEvidenceCollector() package = collector.collect_all()

Output as JSON

print(EvidenceFormatter.to_json(package))

Output as Markdown report

print(EvidenceFormatter.to_markdown(package))

Save to files

EvidenceFormatter.save(package, "./evidence_output")

Collect Specific Evidence Categories

from scripts.aws_evidence import AWSEvidenceCollector

collector = AWSEvidenceCollector()

Collect only IAM evidence

iam_evidence = collector.collect_iam()

Collect only logging evidence

logging_evidence = collector.collect_cloudtrail()

Collect encryption evidence

encryption_evidence = collector.collect_kms()

Multi-Cloud Collection

from scripts.aws_evidence import AWSEvidenceCollector from scripts.gcp_evidence import GCPEvidenceCollector from scripts.azure_evidence import AzureEvidenceCollector from scripts.output_formatter import EvidenceFormatter

Collect from all providers

aws_package = AWSEvidenceCollector().collect_all() gcp_package = GCPEvidenceCollector(project_id="my-project").collect_all() azure_package = AzureEvidenceCollector(subscription_id="sub-id").collect_all()

Save all packages

for package in [aws_package, gcp_package, azure_package]: EvidenceFormatter.save(package, "./evidence_output")

Evidence Categories

Each cloud provider collector gathers evidence in these categories:

Category Description Controls Supported

IAM Identity policies, roles, users, groups CC6.1, CC6.2, CC6.3, A.9.2, AC-2, AC-3

Logging Audit trails, log configurations CC7.2, A.12.4, AU-2, AU-3, AU-12

Storage Bucket/blob policies, access controls CC6.1, A.8.2, AC-3, SC-28

Security Security findings, vulnerabilities CC7.1, A.12.6, SI-4, RA-5

Encryption Key management, encryption configs CC6.1, A.10.1, SC-12, SC-13

Network Firewall rules, security groups, NSGs CC6.6, A.13.1, SC-7, AC-4

Output Formats

JSON Output

Structured JSON following the schema in references/evidence_schema.json . Suitable for:

  • Automated processing

  • Integration with GRC tools

  • Long-term evidence storage

Markdown Output

Human-readable report with:

  • Metadata summary

  • Evidence grouped by category

  • Control mapping tables with status indicators

  • Suitable for auditor review and documentation

Control Framework Mappings

Evidence is automatically mapped to controls from:

  • SOC 2 Type II: CC (Common Criteria) series

  • ISO 27001: Annex A controls

  • NIST 800-53: Security and privacy controls

  • CIS Benchmarks: Cloud-specific benchmarks

See references/control_mappings.md for complete mapping details.

Error Handling

The collectors handle common errors gracefully:

  • Missing Permissions: Logs warning, continues with available data

  • API Rate Limits: Implements exponential backoff

  • Region Unavailable: Skips region, notes in output

  • Resource Not Found: Records as "not configured" evidence

Best Practices

  • Run with least privilege: Use read-only credentials

  • Scope appropriately: Collect only what you need for the audit

  • Timestamp everything: Evidence is timestamped automatically

  • Version control outputs: Store evidence packages in version control

  • Review before submission: Always review collected evidence before sharing with auditors

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

ll-feishu-audio

飞书语音交互技能。支持语音消息自动识别、AI 处理、语音回复全流程。需要配置 FEISHU_APP_ID 和 FEISHU_APP_SECRET 环境变量。使用 faster-whisper 进行语音识别,Edge TTS 进行语音合成,自动转换 OPUS 格式并通过飞书发送。适用于飞书平台的语音对话场景。

Archived SourceRecently Updated
--43622283
General

test_skill

import json import tkinter as tk from tkinter import messagebox, simpledialog

Archived SourceRecently Updated
--2023andrewyang
General

51mee-resume-profile

简历画像。触发场景:用户要求生成候选人画像;用户想了解候选人的多维度标签和能力评估。

Archived SourceRecently Updated
--51mee-com
General

51mee-resume-parse

简历解析。触发场景:用户上传简历文件要求解析、提取结构化信息。

Archived SourceRecently Updated
--51mee-com