Storage Exposure Auditor
by Anmol Nagpal · v1.0.0
275 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install storage-exposure-auditor
Description
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
Usage Guidance
This skill is generally coherent for a human-assisted audit: it tells you how to run az commands and paste JSON outputs for analysis. Before using it, confirm these points:
1) Do not paste storage account keys, connection strings, or raw SAS tokens — the skill warns against this, and you should redact them or avoid including them.
2) For checks like key rotation age, SAS usage, or diagnostic logging, prefer running local scripts/az commands that emit only non-sensitive metadata (e.g., timestamps, booleans, counts) and paste those results instead of secrets; ask the skill author for exact safe commands if unsure.
3) Use the least-privilege roles to collect data (Reader + Storage Blob Data Reader for listing containers).
4) If you must share logs or evidence, scrub or redact secrets first and consider sharing in a secure channel.
5) Because the SKILL.md mixes role guidance and includes checks that normally need logs/keys, ask the author for clarified, explicit commands that return only safe indicators before pasting anything from your environment. If the author cannot provide safe extraction commands, run the analysis locally or with a trusted security auditor instead.
Capability Analysis
Type: OpenClaw Skill
Name: storage-exposure-auditor
Version: 1.0.0
The skill is a security auditing tool designed to analyze Azure Storage configurations for public exposure. It operates by providing the user with read-only Azure CLI commands to run manually and then analyzing the resulting JSON output. The instructions in SKILL.md explicitly forbid the agent from requesting credentials or secrets and include safety checks to ensure the user does not accidentally provide sensitive keys, aligning perfectly with its stated purpose.
Capability Assessment
Purpose & Capability
Name and description match the instructions: it asks users to paste CLI output about storage accounts/containers and will analyze that. The skill explicitly states it will not access Azure directly and won't request credentials. Minor inconsistency: the SKILL.md suggests 'Storage Account Contributor' as the minimum RBAC role in a JSON blob but elsewhere correctly notes 'Reader' and 'Storage Blob Data Reader' as minimums for specific queries. This role guidance should be clarified but is not a major red flag.
Instruction Scope
The SKILL.md correctly asks the user to provide az CLI JSON outputs for account/container/network settings, which is appropriate. However several listed checks (shared key rotation age, SAS token permissiveness and usage, diagnostic logging and activity logs) cannot be reliably determined from the three example az queries alone. Performing those checks would either require additional (potentially sensitive) data — e.g., storage account keys, SAS tokens, or activity/diagnostic logs — or local preprocessing to extract safe metadata. The skill warns not to ask for credentials and to confirm no secrets, but it does not provide safe, explicit commands or templates for extracting only non-sensitive indicators (e.g., age of last key rotation as a timestamp rather than raw keys). That gap could lead users to accidentally paste secrets.
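One way to do the local preprocessing that this paragraph and the Usage Guidance call for, as an added example that is not part of the skill or this listing: reduce account JSON to an allowlist of non-sensitive indicators (key age as a day count, not the key) and refuse input that contains key or SAS material. It assumes the field names emitted by `az storage account show`; the function names and the sample account are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Material that must never leave the environment: connection-string keys,
# SAS signatures, and bare 88-character base64 account keys.
SECRET_PATTERNS = [
    re.compile(r"AccountKey=", re.I),
    re.compile(r"SharedAccessSignature=", re.I),
    re.compile(r"[?&]sig=[A-Za-z0-9%+/=]{20,}"),
    re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{86}==(?![A-Za-z0-9+/=])"),
]

def contains_secret(text):
    return any(p.search(text) for p in SECRET_PATTERNS)

def key_age_days(ts, now):
    """Whole days since a keyCreationTime value (assumed UTC); None if unset."""
    if not ts:
        return None
    created = datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S")
    return (now - created.replace(tzinfo=timezone.utc)).days

def safe_indicators(raw_json, now=None):
    """Reduce `az storage account show` JSON to an allowlist of safe fields."""
    if contains_secret(raw_json):
        raise ValueError("input contains key or SAS material; refusing")
    now = now or datetime.now(timezone.utc)
    acct = json.loads(raw_json)
    created = acct.get("keyCreationTime") or {}
    rules = acct.get("networkRuleSet") or {}
    out = {k: acct.get(k) for k in (
        "name", "allowBlobPublicAccess", "allowSharedKeyAccess",
        "enableHttpsTrafficOnly", "minimumTlsVersion")}
    out["networkDefaultAction"] = rules.get("defaultAction")
    out["key1AgeDays"] = key_age_days(created.get("key1"), now)
    out["key2AgeDays"] = key_age_days(created.get("key2"), now)
    return out

# Constructed sample, shaped like `az storage account show` output.
SAMPLE = json.dumps({
    "name": "examplestorage01",
    "allowBlobPublicAccess": True, "allowSharedKeyAccess": True,
    "enableHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_0",
    "networkRuleSet": {"defaultAction": "Allow", "ipRules": []},
    "keyCreationTime": {"key1": "2024-01-01T00:00:00.0000000Z", "key2": None},
    "primaryEndpoints": {"blob": "https://examplestorage01.blob.core.windows.net/"},
})
```

Only the dictionary returned by `safe_indicators` is pasted into the chat; fields outside the allowlist, such as endpoints, never leave the machine.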
Install Mechanism
Instruction-only skill with no install spec and no code files. Low operational risk from install mechanism because nothing is downloaded or executed by the platform itself.
Credentials
The skill requests no environment variables, credentials, or config paths, which is appropriate. But because several checks imply examining keys, SAS tokens, or logs, there is a risk the user might be asked to paste sensitive data. The skill includes wording that it will not ask for credentials and to confirm no credentials are present, which mitigates risk somewhat but does not eliminate the ambiguity about how to provide the metadata needed for certain checks without exposing secrets.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not write config or request persistent presence. Autonomous invocation remains enabled by default, but that is normal and not by itself a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install storage-exposure-auditor
- After installation, invoke the skill by name or use /storage-exposure-auditor
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of azure-storage-exposure-auditor skill.
- Provides instruction-only workflow to audit Azure Storage and blob container exposure using user-exported data.
- Guides users to collect and submit storage account and container configuration for assessment.
- Analyzes for public access risks, missing security features, and recommends hardened policies.
- Outputs actionable findings, risk estimates, and secure configuration templates.
- Requires no credentials or direct Azure access; only analyzes exported configuration data.
Frequently Asked Questions
What is Storage Exposure Auditor?
Storage Exposure Auditor identifies publicly accessible Azure Storage accounts and misconfigured blob containers. It is an AI Agent Skill for Claude Code / OpenClaw, with 275 downloads so far.
How do I install Storage Exposure Auditor?
Run "/install storage-exposure-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Storage Exposure Auditor free?
Yes, Storage Exposure Auditor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Storage Exposure Auditor support?
Storage Exposure Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Storage Exposure Auditor?
It is built and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.