aeondave/gcloud-cli
offensive-tools/recon/gcloud-cli/SKILL.md
Google Cloud CLI for authenticating, configuring projects, and enumerating GCP resources from the terminal. Use when verifying active identity and project scope, listing compute or storage resources, or scripting repeatable GCP recon in authorized environments.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill gcloud-cliInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 4:51 AM142.5s1 file scanned
SKILL.md
- name:
- gcloud-cli
- description:
- Google Cloud CLI for authenticating, configuring projects, and enumerating GCP resources from the terminal. Use when verifying active identity and project scope, listing compute or storage resources, or scripting repeatable GCP recon in authorized environments.
- compatibility:
- Linux, Windows, macOS; Google Cloud CLI installed
- author:
- AeonDave
- version:
- 1.0
gcloud CLI
Project-aware cloud enumeration for GCP from a shell instead of a tab maze.
When to use gcloud CLI
Use gcloud when you need to:
- inspect the active account, project, and configuration quickly
- list compute, IAM, and storage resources in a target project
- script GCP recon or validation steps in a reproducible way
Quick Start
# Check auth and config
gcloud auth list
gcloud config list
# Enumerate projects and compute instances
gcloud projects list
gcloud compute instances list --project my-project
High-Value Workflows
Project and identity sanity
gcloud auth list
gcloud config get-value project
gcloud projects list
Common resource enumeration
gcloud compute instances list --project my-project
gcloud iam service-accounts list --project my-project
gcloud storage ls
Structured output
gcloud compute instances list --project my-project --format=json
gcloud projects list --format="table(projectId,name,projectNumber)"
Practical Notes
- Always know which project is active before trusting the output.
- Prefer
--projectin scripts, even if a default project is configured. gcloud storage lsis a useful first pass for bucket visibility in modern CLI workflows.
Caveats
- Cross-project visibility depends heavily on the bound identity and active credentials.
- Some service coverage and examples moved over time; prefer current official docs over older blog syntax.
- Empty output often means wrong project or auth context, not absence of resources.
Resources
No bundled scripts/, references/, or assets/.
Use Google's official gcloud documentation for install, auth flows, and service command groups.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026