# Cloud CLI packages

Cloud CLIs often hold access to accounts, deploys, registries, state, and production infrastructure from a local shell.

- **Packages:** 724
- **Protected tools:** 0
- **Approval gates:** 2
- **Non-low risk:** 288
- **Updated:** 2026-07-08

## Why this package group is here

Cloud CLI packages currently includes 724 package catalog entries. 0 have protected-tool coverage, 2 have approval-gate metadata, and 288 have non-low Geiger classifier findings. The grouping comes from package metadata, so it can stay current as that metadata changes.

## Generated source

This hub uses the same local package data as individual package pages: Nucleus package metadata, Homebrew enrichment, Geiger classifier output, secret-handling manifests, and approval-gate seeds where available.

## Review model

Use the hub to find command families that need tighter secret injection, approval gates, or manual review before agents run them.

## Indexed package pages

- [awscli](https://www.automicvault.com/pkg/brew/awscli/) - 8 approval-gate rules are present.
- [docker](https://www.automicvault.com/pkg/brew/docker/) - 6 approval-gate rules are present.
- [apache-spark](https://www.automicvault.com/pkg/brew/apache-spark/) - broad file, network, media, or database tool signal
- [aws-shell](https://www.automicvault.com/pkg/brew/aws-shell/) - generalized runtime or code generation signal
- [crun](https://www.automicvault.com/pkg/brew/crun/) - generalized runtime or code generation signal
- [docker-agent](https://www.automicvault.com/pkg/brew/docker-agent/) - generalized runtime or code generation signal
- [gimme](https://www.automicvault.com/pkg/brew/gimme/) - generalized runtime or code generation signal
- [gitlab-ci-local](https://www.automicvault.com/pkg/brew/gitlab-ci-local/) - generalized runtime or code generation signal
- [litani](https://www.automicvault.com/pkg/brew/litani/) - generalized runtime or code generation signal
- [shellz](https://www.automicvault.com/pkg/brew/shellz/) - generalized runtime or code generation signal
- [act](https://www.automicvault.com/pkg/brew/act/) - narrow executable package without higher-risk signals
- [actions-batch](https://www.automicvault.com/pkg/brew/actions-batch/) - narrow executable package without higher-risk signals
- [aiven-client](https://www.automicvault.com/pkg/brew/aiven-client/) - no executable entrypoint in the package index
- [akamai](https://www.automicvault.com/pkg/brew/akamai/) - narrow executable package without higher-risk signals
- [ansible](https://www.automicvault.com/pkg/brew/ansible/) - no executable entrypoint in the package index
- [ansible-cmdb](https://www.automicvault.com/pkg/brew/ansible-cmdb/) - narrow executable package without higher-risk signals
- [ansible-creator](https://www.automicvault.com/pkg/brew/ansible-creator/) - narrow executable package without higher-risk signals
- [ansible-lint](https://www.automicvault.com/pkg/brew/ansible-lint/) - no executable entrypoint in the package index
- [apache-brooklyn-cli](https://www.automicvault.com/pkg/brew/apache-brooklyn-cli/) - narrow executable package without higher-risk signals
- [apko](https://www.automicvault.com/pkg/brew/apko/) - no executable entrypoint in the package index
- [argocd-autopilot](https://www.automicvault.com/pkg/brew/argocd-autopilot/) - narrow executable package without higher-risk signals
- [argocd-vault-plugin](https://www.automicvault.com/pkg/brew/argocd-vault-plugin/) - narrow executable package without higher-risk signals
- [athenacli](https://www.automicvault.com/pkg/brew/athenacli/) - no executable entrypoint in the package index
- [atlantis](https://www.automicvault.com/pkg/brew/atlantis/) - narrow executable package without higher-risk signals
- [autorest](https://www.automicvault.com/pkg/brew/autorest/) - narrow executable package without higher-risk signals
- [aws-amplify](https://www.automicvault.com/pkg/brew/aws-amplify/) - no executable entrypoint in the package index
- [aws-console](https://www.automicvault.com/pkg/brew/aws-console/) - narrow executable package without higher-risk signals
- [aws-elasticbeanstalk](https://www.automicvault.com/pkg/brew/aws-elasticbeanstalk/) - no executable entrypoint in the package index
- [aws-google-auth](https://www.automicvault.com/pkg/brew/aws-google-auth/) - no executable entrypoint in the package index
- [aws-keychain](https://www.automicvault.com/pkg/brew/aws-keychain/) - narrow executable package without higher-risk signals
- [aws-lc](https://www.automicvault.com/pkg/brew/aws-lc/) - no executable entrypoint in the package index
- [aws-nuke](https://www.automicvault.com/pkg/brew/aws-nuke/) - no executable entrypoint in the package index
- [aws-rotate-key](https://www.automicvault.com/pkg/brew/aws-rotate-key/) - narrow executable package without higher-risk signals
- [aws-sam-cli](https://www.automicvault.com/pkg/brew/aws-sam-cli/) - no executable entrypoint in the package index
- [aws-spiffe-workload-helper](https://www.automicvault.com/pkg/brew/aws-spiffe-workload-helper/) - narrow executable package without higher-risk signals
- [aws-sso-cli](https://www.automicvault.com/pkg/brew/aws-sso-cli/) - no executable entrypoint in the package index
- [aws-sso-util](https://www.automicvault.com/pkg/brew/aws-sso-util/) - no executable entrypoint in the package index
- [aws2-wrap](https://www.automicvault.com/pkg/brew/aws2-wrap/) - narrow executable package without higher-risk signals
- [awscli-local](https://www.automicvault.com/pkg/brew/awscli-local/) - no executable entrypoint in the package index
- [awscurl](https://www.automicvault.com/pkg/brew/awscurl/) - no executable entrypoint in the package index
- [awsume](https://www.automicvault.com/pkg/brew/awsume/) - no executable entrypoint in the package index
- [awsweeper](https://www.automicvault.com/pkg/brew/awsweeper/) - narrow executable package without higher-risk signals
- [azcopy](https://www.automicvault.com/pkg/brew/azcopy/) - no executable entrypoint in the package index
- [azion](https://www.automicvault.com/pkg/brew/azion/) - narrow executable package without higher-risk signals
- [azqr](https://www.automicvault.com/pkg/brew/azqr/) - narrow executable package without higher-risk signals
- [aztfexport](https://www.automicvault.com/pkg/brew/aztfexport/) - narrow executable package without higher-risk signals
- [azure-dev](https://www.automicvault.com/pkg/brew/azure-dev/) - no executable entrypoint in the package index
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - narrow executable package without higher-risk signals
- [backplane-cli](https://www.automicvault.com/pkg/brew/backplane-cli/) - no executable entrypoint in the package index
- [basti](https://www.automicvault.com/pkg/brew/basti/) - no executable entrypoint in the package index
- [bigquery-emulator](https://www.automicvault.com/pkg/brew/bigquery-emulator/) - no executable entrypoint in the package index
- [bom](https://www.automicvault.com/pkg/brew/bom/) - narrow executable package without higher-risk signals
- [boringtun](https://www.automicvault.com/pkg/brew/boringtun/) - narrow executable package without higher-risk signals
- [brigade-cli](https://www.automicvault.com/pkg/brew/brigade-cli/) - narrow executable package without higher-risk signals
- [bubblewrap](https://www.automicvault.com/pkg/brew/bubblewrap/) - narrow executable package without higher-risk signals
- [buildkit](https://www.automicvault.com/pkg/brew/buildkit/) - no executable entrypoint in the package index
- [calicoctl](https://www.automicvault.com/pkg/brew/calicoctl/) - narrow executable package without higher-risk signals
- [cargo-chef](https://www.automicvault.com/pkg/brew/cargo-chef/) - narrow executable package without higher-risk signals
- [cdk8s](https://www.automicvault.com/pkg/brew/cdk8s/) - no executable entrypoint in the package index
- [cfv](https://www.automicvault.com/pkg/brew/cfv/) - narrow executable package without higher-risk signals
- [chamber](https://www.automicvault.com/pkg/brew/chamber/) - narrow executable package without higher-risk signals
- [chart-releaser](https://www.automicvault.com/pkg/brew/chart-releaser/) - narrow executable package without higher-risk signals
- [chart-testing](https://www.automicvault.com/pkg/brew/chart-testing/) - narrow executable package without higher-risk signals
- [cli53](https://www.automicvault.com/pkg/brew/cli53/) - narrow executable package without higher-risk signals
- [cmctl](https://www.automicvault.com/pkg/brew/cmctl/) - narrow executable package without higher-risk signals
- [cntb](https://www.automicvault.com/pkg/brew/cntb/) - narrow executable package without higher-risk signals
- [consul-template](https://www.automicvault.com/pkg/brew/consul-template/) - narrow executable package without higher-risk signals
- [convox](https://www.automicvault.com/pkg/brew/convox/) - no executable entrypoint in the package index
- [cozyhr](https://www.automicvault.com/pkg/brew/cozyhr/) - narrow executable package without higher-risk signals
- [crane](https://www.automicvault.com/pkg/brew/crane/) - no executable entrypoint in the package index
- [crossplane](https://www.automicvault.com/pkg/brew/crossplane/) - narrow executable package without higher-risk signals
- [dagger](https://www.automicvault.com/pkg/brew/dagger/) - narrow executable package without higher-risk signals
