Orca Skills

Cloud cost optimization analysis using Orca Security asset data. Discovers all cloud assets (AWS, GCP, Azure) through Orca MCP tools, compares current configurations against cheaper alternatives using live public pricing, and produces a prioritized cost reduction report with exact asset evidence. Use when the user asks about cloud cost optimization, reducing cloud spend, rightsizing instances, saving money on cloud infrastructure, cost reduction opportunities, unused resources, oversized VMs, reserved instances, storage tiering, or wants to know what changes would lower their cloud bill.

Deep-dive compliance gap analysis for any framework — failing controls ranked by impact, quick wins, account breakdown, and remediation plan. Use when user asks about compliance gaps, failures, or status (e.g., "compliance gaps", "PCI DSS status", "where are we failing", "SOC 2 compliance", "quick wins").

Traces any Orca alert back to who deployed it, what tool was used, what introduced the issue, and a full timeline of events. Use when user asks about origin, deployment, or ownership of an alert (e.g., "who created this", "where did this come from", "trace back orca-3380725", "who deployed", "what tool was used").

Creates custom compliance frameworks from existing frameworks, alert lists, or security themes — organizes controls into sections, maps alerts, and pushes the framework to Orca. Suggests creating custom discovery alerts for gaps not covered by existing rules. Use when user asks to create, build, or generate a custom compliance framework.

DSPM view — sensitive data at risk across the environment, exposed secrets/PII/credentials, data store security posture, and remediation priorities. Use when user asks about data exposure, sensitive data, or secrets (e.g., "data exposure", "where is our PII", "sensitive data at risk", "exposed secrets", "DSPM view").