Generated source
This hub is built from the same local package data as individual package pages: Nucleus package metadata, Homebrew enrichment, Geiger classifier output, radioisotope manifests, and approval-gate seeds where available.
cloud command surfaces
Cloud CLI packages
Cloud CLIs are high-value package targets because they often broker access to accounts, deploys, registries, state, and production infrastructure from a local shell.
GEO summary
Why this package group matters
Cloud CLI packages currently includes 351 generated package pages. 18 have radioisotope coverage, 2 have approval-gate metadata, and 193 have non-low Geiger classifier findings. The grouping is generated, not curated prose, so it can stay current as package metadata changes.
Review model
Use the hub to find command families that should receive tighter runtime secret injection, approval gates, or manual review before AI agents execute them.
packages
Indexed package pages
| Package | Manager | Signals | Why it appears here |
|---|---|---|---|
| awscli | Homebrew | radioisotope, approval gate, orange risk, v2.34.53 | Plain Text Secrets |
| docker | Homebrew | radioisotope, approval gate, orange risk, v29.5.2 | Ambient Docker Registry Credentials |
| glab | Homebrew | radioisotope, green risk, v1.99.0 | Plain Text GitLab Tokens |
| flyctl | Homebrew | radioisotope, green risk, v0.4.54 | Plain Text Fly.io Access Token |
| jfrog-cli | Homebrew | radioisotope, green risk, v2.104.1 | Plain Text JFrog CLI Credentials |
| firebase-cli | Homebrew | radioisotope, green risk, v15.18.0 | Plain Text Firebase CLI Tokens |
| doctl | Homebrew | radioisotope, green risk, v1.159.0 | Plain Text DigitalOcean Tokens |
| netlify-cli | Homebrew | radioisotope, green risk, v26.0.2 | Plain Text Netlify CLI Credentials |
| snowflake-cli | Homebrew | radioisotope, green risk, v3.18.0 | Plain Text Snowflake Passwords |
| s3cmd | Homebrew | radioisotope, green risk, v2.4.0 | Plain Text S3 Access Keys |
| kubernetes-cli | Homebrew | radioisotope, orange risk, v1.36.1 | Plain Text Kubeconfig Secrets |
| helm | Homebrew | radioisotope, orange risk, v4.2.0 | Plain Text Chart Repository Credentials |
| podman | Homebrew | radioisotope, orange risk, v5.8.2 | Plain Text Registry Credentials |
| argocd | Homebrew | radioisotope, orange risk, v3.4.2 | Plain Text Argo CD Tokens |
| opentofu | Homebrew | radioisotope, orange risk, v1.12.0 | Plain Text OpenTofu Cloud Tokens |
| pulumi | Homebrew | radioisotope, orange risk, v3.243.0 | Plain Text Pulumi Access Tokens |
| oci-cli | Homebrew | radioisotope, orange risk, v3.83.0 | Plain Text OCI CLI Secrets |
| talosctl | Homebrew | radioisotope, orange risk, v1.13.2 | Plain Text Talos Client Config |
| crun | Homebrew | yellow risk, v1.27.1 | generalized runtime or code generation signal |
| apache-spark | Homebrew | yellow risk, v4.1.2 | broad file, network, media, or database tool signal |
| gitlab-ci-local | Homebrew | yellow risk, v4.72.0 | generalized runtime or code generation signal |
| minio-mc | Homebrew | yellow risk, v2025-08-13T08-35-41Z | generalized runtime or code generation signal |
| aws-shell | Homebrew | yellow risk, v0.2.2 | generalized runtime or code generation signal |
| docker-agent | Homebrew | yellow risk, v1.65.0 | generalized runtime or code generation signal |
| docker-completion | Homebrew | green risk, v29.5.2 | no executable entrypoint in the package index |
| docker-compose | Homebrew | green risk, v5.1.4 | no executable entrypoint in the package index |
| terragrunt | Homebrew | green risk, v1.0.5 | no executable entrypoint in the package index |
| aws-sdk-cpp | Homebrew | green risk, v1.11.810 | no executable entrypoint in the package index |
| aws-crt-cpp | Homebrew | green risk, v0.39.1 | no executable entrypoint in the package index |
| k3d | Homebrew | green risk, v5.8.3 | narrow executable package without higher-risk signals |
| aws-sam-cli | Homebrew | green risk, v1.161.0 | no executable entrypoint in the package index |
| docker-buildx | Homebrew | green risk, v0.34.1 | no executable entrypoint in the package index |
| aws-c-s3 | Homebrew | green risk, v0.12.4 | no executable entrypoint in the package index |
| terraform-docs | Homebrew | green risk, v0.24.0 | no executable entrypoint in the package index |
| oras | Homebrew | green risk, v1.3.2 | narrow executable package without higher-risk signals |
| aws-c-io | Homebrew | green risk, v0.26.3 | no executable entrypoint in the package index |
| aws-c-http | Homebrew | green risk, v0.11.0 | no executable entrypoint in the package index |
| aws-c-common | Homebrew | green risk, v0.13.1 | no executable entrypoint in the package index |
| azcopy | Homebrew | green risk, v10.32.4 | no executable entrypoint in the package index |
| aws-c-cal | Homebrew | green risk, v0.9.14 | no executable entrypoint in the package index |
| aws-c-mqtt | Homebrew | green risk, v0.16.0 | no executable entrypoint in the package index |
| aws-c-event-stream | Homebrew | green risk, v0.7.1 | no executable entrypoint in the package index |
| aws-c-auth | Homebrew | green risk, v0.10.3 | no executable entrypoint in the package index |
| vercel-cli | Homebrew | green risk, v54.4.1 | no executable entrypoint in the package index |
| aws-vault | Homebrew | green risk, v7.10.7 | no executable entrypoint in the package index |
| lazydocker | Homebrew | green risk, v0.25.2 | narrow executable package without higher-risk signals |
| docker-credential-helper-ecr | Homebrew | green risk, v0.12.0 | narrow executable package without higher-risk signals |
| podman-compose | Homebrew | green risk, v1.5.0 | narrow executable package without higher-risk signals |
| aws-checksums | Homebrew | green risk, v0.2.10 | no executable entrypoint in the package index |
| docker-credential-helper | Homebrew | green risk, v0.9.7 | no executable entrypoint in the package index |
| aws-c-compression | Homebrew | green risk, v0.3.2 | no executable entrypoint in the package index |
| tfsec | Homebrew | green risk, v1.28.14 | narrow executable package without higher-risk signals |
| aws-c-sdkutils | Homebrew | green risk, v0.2.4 | no executable entrypoint in the package index |
| heroku | Homebrew | green risk, v11.4.0 | no executable entrypoint in the package index |
| okta-aws-cli | Homebrew | green risk, v2.6.0 | narrow executable package without higher-risk signals |
| saml2aws | Homebrew | green risk, v2.36.19 | narrow executable package without higher-risk signals |
| aws-elasticbeanstalk | Homebrew | green risk, v3.27.2 | no executable entrypoint in the package index |
| awscli-local | Homebrew | green risk, v0.22.2 | no executable entrypoint in the package index |
| aws-nuke | Homebrew | green risk, v3.64.4 | no executable entrypoint in the package index |
| awscurl | Homebrew | green risk, v0.42 | no executable entrypoint in the package index |
| gimme-aws-creds | Homebrew | green risk, v2.8.2 | no executable entrypoint in the package index |
| apko | Homebrew | green risk, v1.2.13 | no executable entrypoint in the package index |
| tf-summarize | Homebrew | green risk, v0.3.20 | narrow executable package without higher-risk signals |
| aws-sso-util | Homebrew | green risk, v4.33.0 | no executable entrypoint in the package index |
| copilot | Homebrew | green risk, v1.34.1 | no executable entrypoint in the package index |
| aws-sso-cli | Homebrew | green risk, v2.2.4 | no executable entrypoint in the package index |
| devspace | Homebrew | green risk, v6.3.21 | narrow executable package without higher-risk signals |
| awscli@1 | Homebrew | green risk, v1.45.10 | no executable entrypoint in the package index |
| terramate | Homebrew | green risk, v0.17.0 | narrow executable package without higher-risk signals |
| ocicl | Homebrew | green risk, v2.16.13 | narrow executable package without higher-risk signals |
| git-remote-codecommit | Homebrew | green risk, v1.17 | no executable entrypoint in the package index |
| chamber | Homebrew | green risk, v3.1.5 | narrow executable package without higher-risk signals |