Co-Pilot
Updated 24 days ago

cloud-collector

Workstreet-Compliance · workstreet-compliance/cloud-collector

Agent Score: 82

💡 Summary

Automated compliance evidence collection for AWS, GCP, and Azure, generating audit-ready packages.

🎯 Target Audience

Compliance Officers, Cloud Security Engineers, IT Auditors, DevOps Teams, Risk Management Professionals

🤖 AI Roast: Powerful, but the setup might scare off the impatient.

Security Analysis: Medium Risk

Risk: Medium. Review: shell/CLI command execution; outbound network access (SSRF, data egress); filesystem read/write scope and path traversal; dependency pinning and supply-chain risk. Run with least privilege and audit before enabling in production.


Generate audit-ready evidence packages with automatic mapping to SOC 2, ISO 27001, NIST 800-53, and CIS benchmarks. Outputs structured JSON for GRC tools and formatted Markdown for auditor review.

Installation

Via skills.sh

```bash
npx skills add Workstreet-Compliance/Cloud-Collector
```

Via pip

```bash
git clone https://github.com/Workstreet-Compliance/Cloud-Collector.git
cd Cloud-Collector
pip install -r requirements.txt
```

Quick Start

Using with Claude Code

Just ask naturally:

"Collect SOC 2 evidence from my AWS account"

"Generate ISO 27001 audit documentation for GCP project xyz"

"Check my Azure subscription for NIST 800-53 compliance"

Programmatic Usage

```python
from skills.evidence_collector.scripts.aws_evidence import AWSEvidenceCollector
from skills.evidence_collector.scripts.output_formatter import EvidenceFormatter

# Collect evidence
collector = AWSEvidenceCollector()
package = collector.collect_all()

# Export
EvidenceFormatter.save(package, "./evidence_output")  # JSON + Markdown
```

```python
from skills.evidence_collector.scripts.gcp_evidence import GCPEvidenceCollector

collector = GCPEvidenceCollector(project_id="my-project-id")
package = collector.collect_all()
```

```python
from skills.evidence_collector.scripts.azure_evidence import AzureEvidenceCollector

collector = AzureEvidenceCollector(subscription_id="your-subscription-id")
package = collector.collect_all()
```

Note that the project layout further down shows the directory as `evidence-collector` (hyphenated). Python cannot import a dotted path containing a hyphen, so check the actual package name in your checkout before relying on the `skills.evidence_collector` imports above.

Evidence Categories

| Category | AWS | GCP | Azure |
|:---------|:----|:----|:------|
| IAM | Users, roles, policies, MFA | IAM bindings, service accounts | RBAC, custom roles |
| Logging | CloudTrail | Audit logs, sinks | Activity logs, diagnostics |
| Storage | S3 policies, encryption | GCS IAM, public access | Storage account security |
| Security | Security Hub findings | Security Command Center | Defender for Cloud |
| Encryption | KMS keys, rotation | Cloud KMS key rings | Key Vault config |
| Network | VPC, security groups, NACLs | Firewall rules, VPC | NSGs, VNets |


Frameworks

Evidence is mapped to SOC 2, ISO 27001, NIST 800-53, and CIS benchmarks. See references/control_mappings.md for complete mapping details.


Prerequisites

AWS

```bash
# Option 1: AWS CLI
aws configure

# Option 2: Environment variables
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
```

Prefer short-lived credentials (an assumed role or SSO session) over long-lived access keys exported in the environment, and scope the principal to the permissions below.

Required permissions:

  • iam:Get*, iam:List*
  • cloudtrail:Describe*, cloudtrail:Get*
  • s3:GetBucket*, s3:ListBucket
  • securityhub:Get*
  • kms:Describe*, kms:List*
  • ec2:Describe*

Note that `s3:ListBucket` covers listing objects within a bucket; enumerating the buckets themselves (the ListBuckets API) requires `s3:ListAllMyBuckets`, so add it if the collector discovers buckets rather than being handed a list.
GCP

```bash
# Option 1: Application Default Credentials
gcloud auth application-default login

# Option 2: Service account
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json
```

Required roles:

  • roles/iam.securityReviewer
  • roles/logging.viewer
  • roles/storage.objectViewer
  • roles/securitycenter.findingsViewer
  • roles/cloudkms.viewer
  • roles/compute.viewer
Azure

```bash
# Option 1: Azure CLI
az login

# Option 2: Service principal
export AZURE_CLIENT_ID=xxx
export AZURE_CLIENT_SECRET=xxx
export AZURE_TENANT_ID=xxx
```

Required roles:

  • Reader
  • Security Reader
  • Key Vault Reader
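The permission lists above are the least-privilege boundary the collector should run inside. As an added example (not code from the Cloud-Collector project), the following builds an IAM policy document from the AWS actions listed above and lints it offline: it checks that every allowed pattern is a Get/List/Describe verb and lets you probe which concrete API calls the policy does and does not cover. The policy `Sid`, the matcher and the read-only verb rule are this example's own simplifications; the matcher ignores Deny statements, resources and conditions, so it is a lint step, not a substitute for IAM's policy simulator.

```python
"""Least-privilege IAM policy for the AWS collector, with an offline lint.

Added example, not code from the Cloud-Collector project. The action list is
copied from the README's AWS "Required permissions"; the policy Sid, the
matcher and the read-only verb rule are this example's own simplifications
(no Deny, Resource or Condition evaluation).
"""
import fnmatch
import json

# Quoted from the README's AWS "Required permissions" list.
COLLECTOR_READ_ACTIONS = [
    "iam:Get*", "iam:List*",
    "cloudtrail:Describe*", "cloudtrail:Get*",
    "s3:GetBucket*", "s3:ListBucket",
    "securityhub:Get*",
    "kms:Describe*", "kms:List*",
    "ec2:Describe*",
]

# Verb prefixes that never mutate state; anything else counts as a write.
READ_ONLY_VERB_PREFIXES = ("Get", "List", "Describe")


def build_collector_policy(actions=COLLECTOR_READ_ACTIONS):
    """Return an IAM policy document (dict) that allows only `actions`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CloudCollectorReadOnly",  # assumed name, not from the project
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": "*",
        }],
    }


def _allow_patterns(policy):
    """Yield every action pattern from Allow statements, normalising str/list."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        yield from patterns


def action_allowed(policy, action):
    """True if some Allow pattern matches `action`.

    IAM compares action names case-insensitively and this list uses '*' as
    its only wildcard, so fnmatch over lower-cased strings is sufficient.
    """
    wanted = action.lower()
    return any(fnmatch.fnmatchcase(wanted, p.lower()) for p in _allow_patterns(policy))


def non_read_actions(policy):
    """Allowed patterns whose verb is not Get/List/Describe (a bare '*' included).

    For a collector advertised as read-only this should be empty; anything
    returned here is what to question before attaching the policy.
    """
    offenders = []
    for pattern in _allow_patterns(policy):
        _service, _, verb = pattern.partition(":")
        if not verb.startswith(READ_ONLY_VERB_PREFIXES):
            offenders.append(pattern)
    return offenders


if __name__ == "__main__":
    policy = build_collector_policy()
    print(json.dumps(policy, indent=2))
    print("non-read actions:", non_read_actions(policy))
    # Probe concrete calls; ListAllMyBuckets is the one the README's list omits.
    for call in ("iam:GetUser", "iam:CreateUser", "s3:GetBucketPolicy",
                 "s3:PutBucketPolicy", "s3:ListAllMyBuckets"):
        verdict = "allowed" if action_allowed(policy, call) else "not allowed"
        print(f"{call:24} {verdict}")
```

Probing `action_allowed` with the calls the collector actually makes is what surfaces gaps such as `s3:ListAllMyBuckets`; running `non_read_actions` on any broadened policy (for example one that slips in `s3:*`) is the check to run before attaching it.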

Output Formats

JSON

Structured output for automated processing and GRC tool integration.

```json
{
  "metadata": {
    "collection_timestamp": "2024-01-15T10:30:00Z",
    "cloud_provider": "aws",
    "account_id": "123456789012"
  },
  "evidence": [...],
  "control_mappings": [...]
}
```

Markdown

Human-readable reports with evidence grouped by category and control mapping tables—ready for auditor review.
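To show how the JSON package is consumed downstream, here is an added example (not the project's own `output_formatter`): it validates the top-level shape shown above, checks that every control mapping points at evidence that actually exists in the package, and renders a per-framework coverage table in Markdown. The fields inside evidence items (`id`, `category`, `status`, `summary`) and mapping entries (`framework`, `control`, `evidence_ids`) are assumptions, since the README shows only the top level; the embedded package is constructed, not collected from a real account.

```python
"""Validate an evidence package and summarise control coverage.

Added example, not code from the Cloud-Collector project. The top-level
shape (metadata / evidence / control_mappings) follows the README's JSON
skeleton; the fields inside evidence items and mapping entries are assumed
for illustration, and the sample package is constructed.
"""
import json
from collections import defaultdict

REQUIRED_METADATA = ("collection_timestamp", "cloud_provider", "account_id")

# Constructed sample package (assumed item and mapping fields).
SAMPLE_PACKAGE_JSON = """
{
  "metadata": {
    "collection_timestamp": "2024-01-15T10:30:00Z",
    "cloud_provider": "aws",
    "account_id": "123456789012"
  },
  "evidence": [
    {"id": "iam-mfa-root", "category": "IAM", "status": "pass",
     "summary": "Root account has a hardware MFA device"},
    {"id": "cloudtrail-multi-region", "category": "Logging", "status": "pass",
     "summary": "Multi-region trail enabled and logging"},
    {"id": "s3-public-access-block", "category": "Storage", "status": "fail",
     "summary": "Account-level public access block is not enabled"}
  ],
  "control_mappings": [
    {"framework": "SOC 2", "control": "CC6.1", "evidence_ids": ["iam-mfa-root"]},
    {"framework": "SOC 2", "control": "CC7.2", "evidence_ids": ["cloudtrail-multi-region"]},
    {"framework": "CIS AWS", "control": "2.1.4", "evidence_ids": ["s3-public-access-block"]},
    {"framework": "CIS AWS", "control": "1.5", "evidence_ids": []}
  ]
}
"""


def load_package(text):
    """Parse a package and validate its structure; raises ValueError on problems."""
    pkg = json.loads(text)
    missing = [k for k in REQUIRED_METADATA if k not in pkg.get("metadata", {})]
    if missing:
        raise ValueError(f"metadata missing {missing}")
    for key in ("evidence", "control_mappings"):
        if not isinstance(pkg.get(key), list):
            raise ValueError(f"'{key}' must be a list")
    # Every mapping must point at evidence the package actually contains.
    known = {item["id"] for item in pkg["evidence"]}
    dangling = [
        (m["framework"], m["control"], eid)
        for m in pkg["control_mappings"]
        for eid in m["evidence_ids"]
        if eid not in known
    ]
    if dangling:
        raise ValueError(f"mappings reference unknown evidence: {dangling}")
    return pkg


def coverage_by_framework(pkg):
    """Per framework: controls mapped, controls with evidence, controls with a failing item."""
    status = {item["id"]: item["status"] for item in pkg["evidence"]}
    summary = defaultdict(lambda: {"controls": 0, "with_evidence": 0, "failing": 0})
    for m in pkg["control_mappings"]:
        row = summary[m["framework"]]
        row["controls"] += 1
        if m["evidence_ids"]:
            row["with_evidence"] += 1
        if any(status[eid] == "fail" for eid in m["evidence_ids"]):
            row["failing"] += 1
    return dict(summary)


def coverage_markdown(summary):
    """Render the coverage summary as a Markdown table for auditor review."""
    lines = [
        "| Framework | Controls | With evidence | Failing |",
        "|:----------|---------:|--------------:|--------:|",
    ]
    for fw in sorted(summary):
        r = summary[fw]
        lines.append(f"| {fw} | {r['controls']} | {r['with_evidence']} | {r['failing']} |")
    return "\n".join(lines)


if __name__ == "__main__":
    package = load_package(SAMPLE_PACKAGE_JSON)
    print(coverage_markdown(coverage_by_framework(package)))
```

The dangling-reference check matters in practice: a mapping that cites evidence the package does not contain is how an auditor ends up with a control marked "covered" and nothing behind it.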


Project Structure

cloud-evidence-collector/
├── skills/
│   └── evidence-collector/
│       ├── SKILL.md                 # Claude instructions
│       ├── scripts/
│       │   ├── aws_evidence.py
│       │   ├── gcp_evidence.py
│       │   ├── azure_evidence.py
│       │   └── output_formatter.py
│       └── references/
│           ├── control_mappings.md
│           └── evidence_schema.json
├── .claude-plugin/plugin.json       # Claude plugin config
├── skills.json                      # skills.sh config
└── requirements.txt

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Add evidence collectors or control mappings
  4. Submit a pull request

Security

This tool collects read-only evidence. It does not modify any cloud resources.

  • Always use least-privilege credentials
  • Review collected evidence before sharing externally
  • For security issues, email ryan@workstreet.com
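Reviewing evidence before sharing it externally is easier when identifiers are scrubbed mechanically first. As an added example (not part of the project), the following walks a package of the README's top-level shape and replaces AWS account IDs and long-term access key IDs with stable placeholders, returning the reverse map so the auditor-facing copy can still be reconciled in-house. The nested fields and the sample package are constructed; the two regexes cover only AWS identifiers and would need counterparts for GCP project numbers and Azure subscription IDs.

```python
"""Redact cloud identifiers from an evidence package before sharing it.

Added example, not part of the Cloud-Collector project. It walks a package
of the README's top-level shape (metadata / evidence / control_mappings)
and swaps AWS account IDs and long-term access key IDs for numbered
placeholders, returning the reverse map for internal use. The nested
fields and the sample package are constructed.
"""
import re

# Identifier patterns (AWS only; add GCP/Azure equivalents for those clouds).
PATTERNS = {
    "ACCOUNT": re.compile(r"(?<!\d)\d{12}(?!\d)"),  # 12-digit account ID
    "AKID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),   # long-term access key ID
}

# Constructed sample; the key ID is AWS's documented example value.
SAMPLE_PACKAGE = {
    "metadata": {
        "collection_timestamp": "2024-01-15T10:30:00Z",
        "cloud_provider": "aws",
        "account_id": "123456789012",
    },
    "evidence": [
        {"id": "iam-access-keys", "category": "IAM",
         "detail": "User deploy has active key AKIAIOSFODNN7EXAMPLE",
         "resource": "arn:aws:iam::123456789012:user/deploy"},
        {"id": "kms-rotation", "category": "Encryption",
         "detail": "rotation enabled",
         "resource": "arn:aws:kms:us-east-1:210987654321:key/abcd"},
    ],
    "control_mappings": [],
}


class Redactor:
    """Replaces matches with per-kind numbered placeholders, consistently."""

    def __init__(self):
        self.placeholders = {}  # real value -> placeholder

    def _placeholder(self, kind, value):
        # Same real value always maps to the same placeholder, so cross-
        # references between evidence items survive redaction.
        if value not in self.placeholders:
            n = sum(1 for p in self.placeholders.values()
                    if p.startswith(f"<{kind}-")) + 1
            self.placeholders[value] = f"<{kind}-{n}>"
        return self.placeholders[value]

    def redact_text(self, text):
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._placeholder(k, m.group(0)), text)
        return text

    def redact(self, obj):
        """Recursively redact strings; returns a new object, input untouched."""
        if isinstance(obj, str):
            return self.redact_text(obj)
        if isinstance(obj, list):
            return [self.redact(item) for item in obj]
        if isinstance(obj, dict):
            return {key: self.redact(value) for key, value in obj.items()}
        return obj


def redact_package(package):
    """Return (redacted_package, reverse_map) for a package dict."""
    redactor = Redactor()
    redacted = redactor.redact(package)
    return redacted, dict(redactor.placeholders)


if __name__ == "__main__":
    import json
    clean, mapping = redact_package(SAMPLE_PACKAGE)
    print(json.dumps(clean, indent=2))
    print("keep this map internal:", mapping)
```

The reverse map is as sensitive as the original package and must not travel with the redacted copy; it exists so that a finding an auditor raises against `<ACCOUNT-2>` can be traced back internally.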

5-Dim Analysis

Clarity: 9/10
Novelty: 7/10
Utility: 9/10
Completeness: 8/10
Maintainability: 8/10
Pros & Cons

Pros

  • Automates evidence collection.
  • Supports multiple cloud platforms.
  • Generates structured outputs for GRC tools.

Cons

  • Requires cloud credentials.
  • Limited to read-only operations.
  • Dependency on cloud provider APIs.

Related Skills

building-secure-contracts (tool, Co-Pilot), grade A, 88/100
“Powerful, but the setup might scare off the impatient.”

mcpspy (tool, Co-Pilot), grade A, 86/100
“MCPSpy: because who doesn't want to spy on their AI's secrets?”

prowler (tool, Code Lib), grade A, 86/100
“It's a Swiss Army knife for cloud security, but you'll need a PhD in YAML to configure all its moving parts.”

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author Workstreet-Compliance.