Does it require external scanners to work?

While it integrates with Semgrep, Checkov, and Tfsec for enhanced detection, it can perform manual code analysis and grep-based checks as a fallback.

How does it handle event injection risks?

It traces untrusted data from event sources like API Gateway, SQS, or S3 to sensitive sinks like database queries or shell commands to prevent injection attacks.

Can it detect vulnerabilities in Infrastructure as Code?

Yes, it analyzes Terraform (.tf), serverless.yml, template.yaml, and other IaC files to find IAM and configuration risks.

What kind of IAM issues does it find?

It identifies 'Action: *' or 'Resource: *' wildcards, overly broad permissions, and insecure role assumption chains that violate security best practices.

Which cloud providers does the Serverless Security skill support?

It supports major providers and frameworks including AWS Lambda (SAM/Serverless Framework), Azure Functions, and Google Cloud Functions.

Serverless Security Audit

Name: Serverless Security Audit
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Analyzes serverless applications for security vulnerabilities including overprivileged IAM policies, event injection, and insecure configuration.

The Serverless Security skill provides a specialized auditing framework for cloud-native applications, focusing on AWS Lambda, Azure Functions, and Google Cloud Functions. It automatically identifies critical risks such as overprivileged IAM roles, secrets stored in plaintext environment variables, and event data injection vulnerabilities that lead to remote code execution. By combining automated scanning via Semgrep and Checkov with deep manual code analysis, this skill ensures your serverless architecture adheres to the principle of least privilege and best practices for secure event handling.

Key Features

01Optimization of concurrency and timeout limits to prevent resource exhaustion attacks.

02Identification of sensitive credentials stored in plaintext environment variables.

03Injection detection for untrusted event data used in SQL, shell commands, or file paths.

04Analysis of insecure /tmp directory data persistence between warm invocations.

056 GitHub stars

06Comprehensive IAM policy auditing to eliminate overprivileged 'Resource: *' permissions.

Use Cases

01Scanning Infrastructure as Code (Terraform, SAM, Serverless Framework) for cloud misconfigurations.

02Identifying cross-function event flow vulnerabilities and trust boundary issues.

03Auditing AWS Lambda functions and IAM roles for principle of least privilege compliance.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code serverless

For use in Claude.ai and ChatGPT

Download Skill