From cybersec-toolkit
Detects illicit OAuth consent grants in Azure AD/Entra ID via Microsoft Graph API, audit logs, and permission analysis. Flags risky apps for security incident response and threat hunting.
Slash command
/cybersec-toolkit:detecting-suspicious-oauth-application-consent
Illicit consent grant attacks trick users into granting excessive permissions to malicious OAuth applications in Azure AD / Microsoft Entra ID. This skill uses the Microsoft Graph API to enumerate OAuth2 permission grants, analyze application permissions for overly broad scopes, review directory audit logs for consent events, and flag high-risk applications based on publisher verification status and permission scope.
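The triage described above (permission scope plus publisher verification), as an added example that is not the skill's own code: it scores constructed oauth2PermissionGrant and service principal records offline. The HIGH_RISK_SCOPES list and the risk tiers are assumptions of this example; the field names are those of Microsoft Graph v1.0.

```python
# Field names (clientId, consentType, scope, verifiedPublisher) follow Microsoft Graph v1.0.
# HIGH_RISK_SCOPES and the high/medium/low tiers are assumptions of this example.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "Directory.ReadWrite.All", "User.ReadWrite.All",
}

def score_grant(grant, service_principals):
    """Return (risk, reasons) for one delegated permission grant."""
    sp = service_principals.get(grant["clientId"], {})
    scopes = set((grant.get("scope") or "").split())  # scope is a space-separated string
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    # verifiedPublisherId is null when the app's publisher is not verified
    unverified = not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId")
    reasons = []
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if unverified:
        reasons.append("unverified publisher")
    if grant.get("consentType") == "AllPrincipals":
        reasons.append("tenant-wide consent")
    risk = "high" if risky and unverified else "medium" if risky else "low"
    return risk, reasons

def flag_grants(grants, service_principals):
    """Return every grant scored above 'low', high-risk entries first."""
    flagged = []
    for g in grants:
        risk, reasons = score_grant(g, service_principals)
        if risk != "low":
            name = service_principals.get(g["clientId"], {}).get("displayName", "unknown")
            flagged.append({"app": name, "risk": risk, "reasons": reasons})
    return sorted(flagged, key=lambda f: f["risk"] != "high")

# Constructed sample records (not real tenant data), keyed by service principal object id
SERVICE_PRINCIPALS = {
    "sp-1": {"displayName": "Contoso HR Portal", "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
    "sp-2": {"displayName": "Free PDF Converter", "verifiedPublisher": {"verifiedPublisherId": None}},
    "sp-3": {"displayName": "Team Calendar", "verifiedPublisher": {"verifiedPublisherId": None}},
}
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "scope": "Mail.ReadWrite Mail.Send offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "scope": "openid profile User.Read"},
]

if __name__ == "__main__":
    for f in flag_grants(GRANTS, SERVICE_PRINCIPALS):
        print(f["risk"], f["app"], "; ".join(f["reasons"]))
```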
Application.Read.All, AuditLog.Read.All, Directory.Read.All
msal, requests
/oauth2PermissionGrants
Consent to application events
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Detects risky OAuth application consent grants in Azure AD/Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent attacks. For SOC analysts and threat hunting.
Detects risky OAuth application consent grants in Azure AD / Microsoft Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent grant attacks.
Detects high-risk OAuth app consent grants in Azure AD/Entra ID using Microsoft Graph API, audit logs, and permission analysis to identify illicit consent attacks.