
A field guide to the /forge-audit skill

AI Cloud Infrastructure Audit

Cloud accounts accumulate misconfiguration. /forge-audit checks IAM over-privilege, public exposure, unencrypted resources, idle waste, missing backups; produces a ranked findings list.

Forge · Infrastructure · 8 min read · February 12, 2026

Cloud accounts drift. The IAM role gets a wildcard permission for a debug session and never loses it. The S3 bucket gets public read for a marketing campaign and stays public after the campaign ends. The RDS instance is sized for a peak that no longer happens. The backup policy was set up at launch and was never updated when the data classification changed. Each drift is small individually and dangerous together. The audit that catches all of them takes a focused day from a senior engineer; the audit that does not happen is the one that costs the team during the next incident.

The /forge-audit skill performs the cross-cutting infrastructure audit. It reads the cloud account's IAM, storage, networking, compute, and backup configuration, identifies misconfigurations and waste, and produces a ranked findings list with severity, remediation steps, and reasoning. The output is the artifact engineering can act on rather than the comprehensive scan that nobody triages.

What a useful infrastructure audit covers

Five categories:

1. IAM: roles with over-privilege, wildcards, missing explicit denies.
2. Public exposure: S3 buckets, databases, load balancers, and management endpoints reachable from the internet that should not be.
3. Encryption at rest: EBS volumes, RDS, S3 buckets without KMS encryption.
4. Cost waste: idle instances, oversized RDS, unattached EBS volumes, expired commitments.
5. Backup and recovery: missing automated backups, retention shorter than the data classification requires, untested restore procedures.

How /forge-audit works

The skill reads the cloud account via read-only credentials and runs the five-category scan. Each finding is verified for actual exposure before it is ranked (the wildcard IAM policy is attached to a role a production service actually uses, the public bucket has objects anyone can list). Findings are ranked Critical/High/Medium/Low based on impact. Critical and High items get specific remediation steps; Medium and Low go to the appendix.
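The verification step above is what separates a ranked findings list from a flat rule dump: the same wildcard statement is Critical on a production role and merely Low in a policy attached to nothing. The following is an added illustration of that ranking logic, not Tonone's code or the skill's actual output format. The policy documents, the role inventory, and the account ID in the ARNs are constructed fixtures; the in_use flag stands in for whatever signal an auditor has (role last-used data, an instance profile or Lambda binding), which is an assumption of this example.

```python
# IAM over-privilege findings ranked by verified exposure: a wildcard grant counts for more
# when the policy is attached to a role that production actually uses. Added illustration,
# not Tonone's code; policy documents and the role inventory are constructed fixtures.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
SCOPE_RANK = {None: 0, "partial": 1, "service": 2, "admin": 3}


def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])


def statement_scope(stmt):
    """Breadth of one Allow statement: 'admin' (Action * on Resource *, or NotAction/
    NotResource, which grant everything outside the listed set), 'service' (s3:* style),
    'partial' (s3:Get* or a bare Resource *), or None when nothing is wildcarded."""
    if stmt.get("Effect") != "Allow":
        return None
    if "NotAction" in stmt or "NotResource" in stmt:
        return "admin"
    actions, resources = _as_list(stmt.get("Action")), _as_list(stmt.get("Resource"))
    if "*" in actions and "*" in resources:
        return "admin"
    if any(a == "*" or a.endswith(":*") for a in actions):
        return "service"
    if any("*" in a for a in actions) or "*" in resources:
        return "partial"
    return None


def policy_scope(policy_doc):
    """Widest wildcard grant across the policy's statements."""
    return max((statement_scope(s) for s in policy_doc.get("Statement", [])),
               key=SCOPE_RANK.get, default=None)


def has_explicit_deny(policy_doc):
    return any(s.get("Effect") == "Deny" for s in policy_doc.get("Statement", []))


def rank_policy(name, policy_doc, roles):
    """Severity for one policy, verified against the roles it is attached to.
    Critical: admin-level wildcard on a role in use in production.
    High: admin wildcard on any role in use, or service-wide wildcard in production.
    Medium: any other attached wildcard.  Low: wildcard in a policy attached to nothing.
    Returns None when the policy has no wildcard grant at all."""
    scope = policy_scope(policy_doc)
    if scope is None:
        return None
    attached = [r for r, cfg in roles.items() if name in cfg["policies"]]
    in_use = {r for r in attached if roles[r]["in_use"]}
    prod_in_use = {r for r in in_use if roles[r]["env"] == "prod"}
    if not attached:
        severity = "Low"
    elif scope == "admin" and prod_in_use:
        severity = "Critical"
    elif (scope == "admin" and in_use) or (scope == "service" and prod_in_use):
        severity = "High"
    else:
        severity = "Medium"
    reasons = [f"{scope}-level wildcard grant",
               f"attached to: {', '.join(attached) or 'nothing'}",
               f"in use: {', '.join(sorted(in_use)) or 'none'}"]
    if not has_explicit_deny(policy_doc):
        reasons.append("no explicit Deny statement fences the wildcard")
    return severity, reasons


def audit_iam(policies, roles):
    """Ranked findings list, Critical first; policies without wildcards are omitted."""
    findings = []
    for name, doc in policies.items():
        result = rank_policy(name, doc, roles)
        if result:
            findings.append((name, *result))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[1]])


POLICIES = {  # constructed fixtures, not a real account
    "debug-admin": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "s3-full": {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
                              {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]},
    "read-logs": {"Statement": [{"Effect": "Allow", "Action": ["logs:Get*", "logs:Describe*"],
                                 "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/app/*"}]},
    "tight": {"Statement": [{"Effect": "Allow", "Action": "sqs:SendMessage",
                             "Resource": "arn:aws:sqs:us-east-1:123456789012:orders"}]},
    "orphan-not-iam": {"Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]},
}
ROLES = {  # in_use stands in for role last-used data or an instance profile / Lambda binding
    "api-prod": {"policies": ["debug-admin", "read-logs"], "in_use": True, "env": "prod"},
    "etl-staging": {"policies": ["s3-full"], "in_use": True, "env": "staging"},
    "old-worker": {"policies": ["s3-full"], "in_use": False, "env": "prod"},
}

if __name__ == "__main__":
    for name, severity, reasons in audit_iam(POLICIES, ROLES):
        print(f"{severity:<8} {name}: {'; '.join(reasons)}")
```

Note that s3-full lands at Medium rather than High even though it is attached to a production role: that role is not in use, and the only role using the policy is in staging. That is the point of verifying before ranking; the same policy would be High the day a production service picks it up.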

Public S3 buckets are the most common Critical finding and the easiest to exploit at scale. /forge-audit checks bucket policies, ACLs, and Object Ownership settings together because all three can independently expose data.
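Checking the three settings together matters because each can grant access on its own and each can be switched off by a different control: Object Ownership set to BucketOwnerEnforced disables ACLs entirely, RestrictPublicBuckets makes S3 ignore an existing public bucket policy, and IgnorePublicAcls makes it ignore existing public ACL grants (BlockPublicPolicy and BlockPublicAcls only reject new public settings). The following is an added example of evaluating all of that together, not Tonone's code; the bucket fixtures are constructed to mirror the shape of the relevant AWS API responses, and the severity tiers are this example's reading of the page's Critical/High/Medium/Low scale.

```python
# Effective public exposure of an S3 bucket from policy, ACL, Object Ownership and
# Block Public Access evaluated together. Added illustration, not Tonone's code; the
# fixtures are constructed to mirror the shape of the relevant AWS API responses.
import fnmatch

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PUBLIC_GROUPS = {ALL_USERS, "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])


def _public_principal(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))


def policy_public_actions(policy):
    """Actions granted to everyone by unconditional Allow statements."""
    actions = set()
    for stmt in (policy or {}).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # a Condition may scope the grant: review it rather than call it public
        actions.update(_as_list(stmt.get("Action")))
    return actions


def acl_public_permissions(acl, object_ownership):
    """ACL permissions granted to the AllUsers/AuthenticatedUsers groups.
    With Object Ownership = BucketOwnerEnforced, ACLs are disabled entirely."""
    if object_ownership == "BucketOwnerEnforced":
        return set()
    return {g.get("Permission") for g in (acl or {}).get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS}


def _grants(actions, wanted):
    """Policy actions are patterns ("s3:*", "s3:Get*"); wanted is a concrete action."""
    return any(fnmatch.fnmatchcase(wanted, a) for a in actions)


def assess_bucket(bucket):
    """Rank one bucket: Critical = anyone can list objects, High = anyone can read
    objects by key or write objects, Medium = needs review, Low = no effective access."""
    bpa = bucket.get("block_public_access", {})
    ownership = bucket.get("object_ownership")
    reasons, listable, readable, writable = [], False, False, False

    acts = policy_public_actions(bucket.get("policy"))
    # RestrictPublicBuckets makes S3 ignore an existing public policy; BlockPublicPolicy
    # only rejects *new* public policies and does not neutralise one already in place.
    if acts and not bpa.get("RestrictPublicBuckets", False):
        listable = _grants(acts, "s3:ListBucket")
        readable = _grants(acts, "s3:GetObject")
        writable = _grants(acts, "s3:PutObject")
        reasons.append(f"bucket policy grants {', '.join(sorted(acts))} to *")

    perms = acl_public_permissions(bucket.get("acl"), ownership)
    # Likewise IgnorePublicAcls, not BlockPublicAcls, is what disables existing public grants.
    if perms and not bpa.get("IgnorePublicAcls", False):
        listable = listable or bool(perms & {"READ", "FULL_CONTROL"})
        writable = writable or bool(perms & {"WRITE", "FULL_CONTROL"})
        reasons.append(f"ACL grants {', '.join(sorted(perms))} to a public group")
    if ownership == "ObjectWriter" and not bpa.get("IgnorePublicAcls", False):
        reasons.append("ObjectWriter: objects uploaded by other accounts keep their own ACLs")

    if listable:
        return "Critical", reasons
    if readable or writable:
        return "High", reasons
    return ("Medium" if reasons else "Low"), reasons


def audit_buckets(buckets):
    """Ranked findings list, Critical first (stable sort keeps inventory order within a tier)."""
    findings = [(name, *assess_bucket(cfg)) for name, cfg in buckets.items()]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[1]])


PUBLIC_READ_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
SAMPLE_BUCKETS = {  # constructed fixtures, not real buckets
    "marketing-assets": {"object_ownership": "BucketOwnerPreferred", "block_public_access": {},
                         "policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                                   "Action": ["s3:GetObject", "s3:ListBucket"],
                                                   "Resource": ["arn:aws:s3:::marketing-assets",
                                                                "arn:aws:s3:::marketing-assets/*"]}]},
                         "acl": {"Grants": []}},
    "legacy-uploads": {"object_ownership": "ObjectWriter", "block_public_access": {},
                       "policy": None, "acl": PUBLIC_READ_ACL},
    "user-uploads": {"object_ownership": "ObjectWriter", "block_public_access": {},
                     "policy": None, "acl": {"Grants": []}},
    "locked-down": {"object_ownership": "BucketOwnerEnforced",  # same grants, all neutralised
                    "block_public_access": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True},
                    "policy": {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                                              "Action": "s3:*", "Resource": "arn:aws:s3:::locked-down/*"}]},
                    "acl": PUBLIC_READ_ACL},
}

if __name__ == "__main__":
    for name, severity, reasons in audit_buckets(SAMPLE_BUCKETS):
        print(f"{severity:<8} {name}: {'; '.join(reasons) or 'no effective public access'}")
```

The locked-down fixture carries the same public policy and ACL as the two Critical buckets and still ranks Low, which is why a scanner that looks at the policy or the ACL in isolation produces both false positives and, in the reverse situation, false negatives. Statements with a Condition are deliberately left out of the public set here and should be reviewed by hand, since a condition may either scope the grant down to a VPC or be trivially satisfiable.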

Tonone's /forge-audit skill audits cloud infrastructure for IAM over-privilege, public exposure, missing encryption, cost waste, and backup gaps, with ranked remediation.

When to use /forge-audit

/forge-audit is the right call as a quarterly health check, before a security audit, when something suspicious has been found, or when inheriting a cloud account from another team. Skip for cost-only analysis (use /forge-cost) or for application-level security (use /warden-audit).

| Capability | Tonone | Generalist chatbot | Cursor / Copilot |
|---|---|---|---|
| Audits IAM/exposure/encryption/waste/backups together | Yes, in one pass | Per-category checklist | Tool-specific |
| Verifies findings against actual exposure | Yes, attached IAM, listable bucket | Static rules | Variable |
| Ranked findings with severity | Yes, Critical/High/Medium/Low | Flat list | Tool-specific |
| File-level remediation steps | Yes, IaC-ready fixes | Generic advice | Variable |

/forge-audit audits infrastructure. /forge-cost covers cost optimization specifically. /forge-diagnose diagnoses runtime infrastructure issues. /warden-audit covers application security.

Install

/forge-audit ships with the Forge agent in Tonone for Claude Code. Install Tonone, configure read-only cloud credentials, and the skill produces the audit report.

1. Add to marketplace

$ claude plugin marketplace add tonone-ai/tonone

2. Install Forge

$ claude plugin install forge@tonone-ai

Frequently asked questions

What does /forge-audit do?
It audits cloud infrastructure across IAM, public exposure, encryption, cost waste, and backup policies, with verified findings ranked by severity and IaC-ready remediation steps.
What clouds does /forge-audit support?
AWS, GCP, and Azure. The skill reads via read-only credentials and produces the equivalent audit per cloud.
When should I use /forge-audit?
Quarterly as a health check, before a formal security audit, when something suspicious is found, or when inheriting a cloud account.
How do I install /forge-audit?
Install Tonone for Claude Code via tonone.ai/get-started. /forge-audit ships with the Forge agent. Tonone is free and MIT-licensed.
