Stats
Actions
Tags
From armoctl
Attack chains — multi-step kill-chain views built by ARMO from runtime + posture signal. Use when the user wants to understand how vulnerabilities chain into reachable exploit paths.
How this skill is triggered — by the user, by Claude, or both
Slash command
/armoctl:armoctl-attack-chainsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
An attack chain links a posture weakness, a vulnerable component, and runtime context into a sequence an attacker could traverse. List view shows the highest-severity chains; details show the per-step evidence.
An attack chain links a posture weakness, a vulnerable component, and runtime context into a sequence an attacker could traverse. List view shows the highest-severity chains; details show the per-step evidence.
fields — Print the attack chains resource cheatsheetlist — List attack chains| Field | Description |
|---|---|
name | Attack chain name. |
guid | Stable identifier. |
creationTime | RFC3339 first-seen time. |
severity | Severity bucket. |
clusterName | Cluster name. |
namespace | Kubernetes namespace. |
severity — Chain severity — reflects the worst-case step in the chain. Use to prioritise which chains to investigate first.
armoctl attack-chains list
Provides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.
npx claudepluginhub armosec/armoctl --plugin armoctl