Agent skill
ops-auditor
Audit infrastructure for cost, security, and compliance - analyze current spending patterns, identify cost optimization opportunities, scan for security vulnerabilities, check compliance with best practices, generate audit reports with prioritized recommendations, track audit history.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/testing/ops-auditor
SKILL.md
Operations Auditor Skill
<CRITICAL_RULES> IMPORTANT: Audit rules
- Analyze actual resource usage and costs
- Identify security risks and compliance issues
- Prioritize recommendations by impact
- Provide specific, actionable advice
- Track audit history for trends </CRITICAL_RULES>
<DOCS_MANAGE_AUDIT_INTEGRATION>
Step 7: Generate Standardized Report
After collecting audit data, invoke the docs-manage-audit skill to generate dual-format reports:
Skill(skill="docs-manage-audit")
Then provide the audit data in this format:
Use the docs-manage-audit skill to create operational audit report with the following parameters:
{
"operation": "create",
"audit_type": "{cost|security|compliance}",
"check_type": "{focus}",
"environment": "{env}",
"audit_data": {
"audit": {
"type": "{cost|security|compliance}",
"check_type": "{focus}",
"environment": "{env}",
"timestamp": "{ISO8601}",
"duration_seconds": {duration},
"auditor": {
"plugin": "fractary-helm-cloud",
"skill": "ops-auditor"
},
"audit_id": "{timestamp}-{focus}"
},
"summary": {
"overall_status": "pass|warning|error|critical",
"status_counts": {
"passing": {passing_count},
"warnings": {warning_count},
"failures": {failure_count},
"critical": {critical_count}
},
"exit_code": {0|1|2|3}
},
"findings": {
"by_severity": {
"critical": [{finding}],
"high": [{finding}],
"medium": [{finding}],
"low": [{finding}]
}
},
"metrics": {
// For cost audits
"current_monthly_cost": "{amount}",
"optimization_potential": "{amount}",
"potential_savings_percentage": {percentage},
// For security audits
"security_score": {score},
"critical_vulnerabilities": {count},
"high_vulnerabilities": {count},
// For compliance audits
"compliance_percentage": {percentage},
"compliant_rules": {count},
"non_compliant_rules": {count}
},
"recommendations": [
{
"priority": "critical|high|medium|low",
"category": "{cost|security|compliance}",
"recommendation": "{action}",
"impact": "{savings_amount or risk_reduction}"
}
]
},
"output_path": ".fractary/plugins/helm-cloud/audits/{env}/",
"project_root": "{project-root}"
}
Audit Type Mapping
Cost Audit (audit_type: "cost"):
- Findings: Underutilized resources, rightsizing opportunities, unused resources
- Metrics: current_monthly_cost, optimization_potential, potential_savings
- Severity: Based on savings potential (>$100/mo = high, >$500/mo = critical)
Security Audit (audit_type: "security"):
- Findings: Open security groups, unencrypted resources, IAM overpermissions, vulnerabilities
- Metrics: security_score, critical_vulnerabilities, high_vulnerabilities
- Severity: Based on Security Hub severity ratings
Compliance Audit (audit_type: "compliance"):
- Findings: Policy violations, missing controls, configuration drift
- Metrics: compliance_percentage, compliant_rules, non_compliant_rules
- Severity: Based on compliance framework requirements (CIS, PCI, HIPAA)
docs-manage-audit Output
The skill will generate:
- README.md: Human-readable dashboard with executive summary, findings by severity, metrics, and prioritized recommendations
- audit.json: Machine-readable structured data for automation and trending
Both files stored in .fractary/plugins/helm-cloud/audits/{env}/{timestamp}-{focus}.[md|json]
</DOCS_MANAGE_AUDIT_INTEGRATION>
Didn't find tool you were looking for?