Stratos

azure_scan_aks_full

Run comprehensive security scans on Azure AKS clusters with multiple modes including live API analysis, IMDS exploitation, pod identity, and admission controller bypass detection.

Instructions

🚀 COMPREHENSIVE AKS SECURITY SCAN - Flexible AKS security analysis with multiple scan modes: 'full' (all checks), 'live' (K8s API analysis), 'imds' (IMDS exploitation), 'pod_identity' (identity analysis), 'admission' (admission controller bypass). Covers cluster security, RBAC, secrets, service accounts, IMDS access, identity risks, and policy violations.

Input Schema

TableJSON Schema

Name	Required	Description
`subscriptionId`	Yes	Azure subscription ID
`resourceGroup`	Yes	Resource group containing the AKS cluster
`clusterName`	Yes	AKS cluster name
`scanMode`	No	Scan mode: 'full' (all security checks), 'live' (live K8s API scanning), 'imds' (IMDS exploitation), 'pod_identity' (Pod Identity/Workload Identity analysis), 'admission' (admission controller bypass detection)
`namespace`	No	Specific namespace to scan (for live/imds modes, scans all if not specified)
`podName`	No	Specific pod to execute from (for imds mode, auto-selects if not specified)
`deepScan`	No	Enable deep resource enumeration (for imds mode). Default: true
`testDataPlane`	No	Test actual data plane access (for imds mode). Default: true
`exportTokens`	No	Export stolen tokens to temp file (for imds mode). Default: false
`deepDataPlane`	No	Actually READ secret values, DOWNLOAD blob contents (for imds mode). Default: false
`scanAllPods`	No	Scan ALL pods cluster-wide for IMDS exposure (for imds mode). Default: false
`format`	No	Output format: 'markdown' (default, human-readable) or 'json' (machine-readable)

Tool Definition Quality

A3.6/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. It mentions scan modes and some behaviors (e.g., for imds mode: deep scan, export tokens) but does not disclose potential side effects, required credentials, or destructive nature. More transparency needed.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is dense but front-loaded with emoji and capitals. It conveys modes and coverage quickly in a single paragraph. Some structuring would improve readability, but overall efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 12 parameters and no output schema, description should explain return values. It does not describe output format content (e.g., report structure). The 'format' parameter is noted but not what the output contains. Missing comprehensive usage for optional parameters.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, baseline is 3. Description adds some value by explaining scan modes and parameters like 'scanMode' enum values, but does not significantly enhance understanding beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states the tool performs a comprehensive AKS security scan with specific verb 'scan' and resource 'AKS'. It lists multiple scan modes and coverage areas, distinguishing it from sibling tools like 'azure_scan_aks_policy_bypass' by its scope.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Description explains scan modes but does not provide explicit guidance on when to use this tool versus alternatives like 'azure_scan_aks_policy_bypass' or 'azure_analyze_rbac_privesc'. Usage context is implied but not clearly differentiated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/h4cd0c/stratos-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server