{"id":"cloudsword","name":"CloudSword","homepage":"https://github.com/wgpsec/cloudsword","repo_url":"https://github.com/wgpsec/cloudsword","category":"security","subcategories":["cloud-security","security-testing","asset-discovery"],"tags":["cloud-security","mcp","alibaba-cloud","tencent-cloud","huawei-cloud","baidu-cloud","qiniu","pentest","asset-enumeration","bucket-security"],"what_it_does":"Cloud security assessment tool for Chinese cloud providers (Alibaba, Tencent, Huawei, Baidu, Qiniu). Enumerates cloud assets (storage buckets, compute instances, IAM users/roles, domains), tests access permissions, hardens bucket policies, and creates honey tokens for intrusion detection. Has a Metasploit-like CLI interface and MCP protocol support via SSE and STDIO modes.","use_cases":["Cloud security posture assessment across Chinese cloud providers","Enumerating storage buckets, compute instances, and IAM entities","Testing object access permissions in cloud storage","Automated bucket security hardening (restricting to image-only uploads)","Deploying honey tokens for cloud intrusion detection"],"not_for":["AWS, Azure, or GCP security testing","Non-security cloud management tasks","English-only environments (primary interface is Chinese)"],"best_when":"You need to assess security posture across Chinese cloud providers (Alibaba, Tencent, Huawei, Baidu, Qiniu) and are comfortable with a Chinese-language interface.","avoid_when":"You work exclusively with Western cloud providers (AWS/Azure/GCP) or need English-language documentation and interface.","alternatives":["ScoutSuite (multi-cloud, Western providers focused)","Prowler (AWS/Azure/GCP security)","CloudSploit (multi-cloud open source)"],"af_score":53.2,"security_score":60.0,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"0.0.2","last_evaluated":"2026-03-01T09:50:05.408095+00:00","performance":{"latency_p50_ms":null,"latency_p99_ms":null,"uptime_sla_percent":null,"rate_limits":"Subject to cloud provider API rate limits","data_source":"llm_estimated","measured_on":null}}