{"id":"98582670-2dc6-4a12-9bab-10c57ff3a99a","shortId":"CGG82F","kind":"skill","title":"CloudTrail Anomaly Detection Agent","tagline":"Analyzes AWS CloudTrail event logs via the Lookup Events API to detect anomalous IAM activity. Uses statistical baselining of API call patterns and flags unusual AssumeRole chains, console logins from new IPs, and privilege escalation attempts.","description":"# CloudTrail Anomaly Detection Agent\n\nAnalyzes AWS CloudTrail event logs via the Lookup Events API to detect anomalous IAM activity. Uses statistical baselining of API call patterns and flags unusual AssumeRole chains, console logins from new IPs, and privilege escalation attempts.\n\n## Installation\n\nRequirements and caveats from upstream:\n- AWS SDK for Python\n\nBasic usage or getting-started notes:\n- LookupEvents returns recent Insights events for trails that enable Insights. To view Insights events for an event data store, you can run queries on your\n- category are not returned in the response. 
For example, if you do not specify\n- example, if the original call specified an AttributeKey of 'Username' with a value of\n\n- Source: https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_LookupEvents.html\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/cloudtrail-anomaly-detection-agent/)","tags":["cloudtrail","anomaly","detection","agent","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-cloudtrail-anomaly-detection-agent","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/cloudtrail-anomaly-detection-agent","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (931 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:52.322Z","embedding":null,"createdAt":"2026-05-18T13:15:45.160Z","updatedAt":"2026-05-18T19:09:52.322Z","lastSeenAt":"2026-05-18T19:09:52.322Z","prices":[{"id":"cc3d3934-1a44-4fff-bbf0-56140adaed4d","listingId":"98582670-2dc6-4a12-9bab-10c57ff3a99a","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:45.160Z"}],"sources":[{"listingId":"98582670-2dc6-4a12-9bab-10c57ff3a99a","source":"github","sourceId":"agentskillexchange/skills/cloudtrail-anomaly-detection-agent","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/cloudtrail-anomaly-detection-agent","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:45.160Z","lastSeenAt":"2026-05-18T19:09:52.322Z"}],"details":{"listingId":"98582670-2dc6-4a12-9bab-10c57ff3a99a","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"cloudtrail-anomaly-detection-agent","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"6cc93f341ad315837ef47e86a9428ddf2de95e06","skill_md_path":"skills/cloudtrail-anomaly-detection-agent/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/cloudtrail-anomaly-detection-agent"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"CloudTrail Anomaly Detection Agent","description":"Analyzes AWS CloudTrail event logs via the Lookup Events API to detect anomalous 
IAM activity. Uses statistical baselining of API call patterns and flags unusual AssumeRole chains, console logins from new IPs, and privilege escalation attempts."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/cloudtrail-anomaly-detection-agent"},"updatedAt":"2026-05-18T19:09:52.322Z"}}