Cloudsword
一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
What is Cloudsword?
Cloudsword is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to 一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
This server falls under the Security and Cloud Services categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- 一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx cloudswordConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Cloudsword
Cloudsword is a comprehensive open-source cloud security assessment tool (written in Go) that helps cloud tenants discover and test security risks across Alibaba Cloud, Tencent Cloud, Huawei Cloud, Baidu Cloud, and Qiniu Cloud. Starting from v0.0.2 it supports the Model Context Protocol via both SSE and STDIO modes, allowing AI assistants to invoke its 25+ security modules to enumerate storage buckets, list compute instances, audit IAM users, and enumerate network assets — all through natural language. Security engineers use it to identify misconfigurations, overly permissive IAM policies, and exposed resources in multi-cloud environments.
Prerequisites
- Go 1.21 or later (if building from source) or Homebrew (macOS) for the binary
- Cloud provider access keys (access key ID and secret) for the cloud accounts you want to assess
- An MCP-compatible client such as Claude Desktop or Cursor
- Appropriate read permissions on the target cloud accounts (least-privilege assessment credentials recommended)
Install Cloudsword
Install via Homebrew on macOS, or download the binary for your platform from the GitHub releases page.
# macOS via Homebrew:
brew tap wgpsec/tap
brew install wgpsec/tap/cloudsword
# Or download binary from:
# https://github.com/wgpsec/cloudsword/releasesSet cloud credentials
Export your cloud provider credentials as environment variables. These are used by all modules and never written to disk.
export CLOUD_SWORD_ACCESS_KEY_ID=your_access_key_id
export CLOUD_SWORD_ACCESS_KEY_SECRET=your_access_key_secret
# Optional for temporary credentials:
export CLOUD_SWORD_SECURITY_TOKEN=your_sts_tokenStart the MCP server in STDIO mode
Launch Cloudsword in STDIO mode so an MCP client can communicate with it directly.
cloudsword stdioOr start in SSE mode
Alternatively, run Cloudsword in SSE mode to expose a network endpoint that MCP clients can connect to via URL.
cloudsword sse http://localhost:8080Configure your MCP client
Add Cloudsword to your MCP client configuration using the STDIO transport and passing credentials via environment variables.
Cloudsword Examples
Client configuration
Add this block to your claude_desktop_config.json to run Cloudsword in STDIO mode with Alibaba Cloud credentials.
{
"mcpServers": {
"cloudsword": {
"command": "cloudsword",
"args": ["stdio"],
"env": {
"CLOUD_SWORD_ACCESS_KEY_ID": "your_access_key_id",
"CLOUD_SWORD_ACCESS_KEY_SECRET": "your_access_key_secret"
}
}
}
}Prompts to try
These prompts invoke Cloudsword's security assessment modules for Alibaba Cloud and Tencent Cloud.
- "List all OSS buckets in my Alibaba Cloud account and identify any that are publicly accessible."
- "Enumerate all RAM users in my Alibaba Cloud account and list their attached policies."
- "List all ECS instances in my Alibaba Cloud account across all regions."
- "Enumerate all COS buckets in my Tencent Cloud account and check their access control settings."
- "List all CAM users in my Tencent Cloud account and flag any with admin permissions."Troubleshooting Cloudsword
Modules return 'InvalidAccessKeyId' or authentication errors
Verify that CLOUD_SWORD_ACCESS_KEY_ID and CLOUD_SWORD_ACCESS_KEY_SECRET are set correctly for the target cloud provider. For Alibaba Cloud, keys from the RAM console should have API access enabled, not just console access.
Temporary credential errors (token expired)
If using STS temporary credentials, set CLOUD_SWORD_SECURITY_TOKEN to the current session token. Temporary credentials expire; refresh them and restart the server.
cloudsword command not found after brew install
Run 'brew link wgpsec/tap/cloudsword' and ensure /usr/local/bin or /opt/homebrew/bin is in your PATH. Alternatively, download the binary directly from the GitHub releases page and place it in your PATH.
Frequently Asked Questions about Cloudsword
What is Cloudsword?
Cloudsword is a Model Context Protocol (MCP) server that 一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具 It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Cloudsword?
Follow the installation instructions on the Cloudsword GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Cloudsword?
Cloudsword works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Cloudsword free to use?
Yes, Cloudsword is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Cloudsword Alternatives — Similar Security Servers
Looking for alternatives to Cloudsword? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Cloudsword in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Cloudsword?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.