
S3 Exposure Auditor

by Anmol Nagpal · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
Downloads: 313 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install s3-exposure-auditor
Description
Identify publicly accessible S3 buckets, dangerous ACLs, and misconfigured bucket policies
Usage Guidance
This skill is instruction-only and appears coherent with its purpose, but take these precautions before using it:
- Never paste AWS access keys or secrets; paste only the CLI/console outputs the skill requests.
- Review and redact any account-sensitive information if needed (account IDs, ARNs, internal hostnames).
- Treat the skill's policy/SCP recommendations as guidance only; have an AWS admin validate and test them in a non-production account first.
- Note that the SKILL.md contains a possibly incorrect SCP example; clarify that with the author or your security team before applying.
- If you prefer, run the CLI commands yourself, redact outputs, and then paste sanitized results for analysis.
Capability Analysis
Type: OpenClaw Skill
Name: s3-exposure-auditor
Version: 1.0.0
The skill is designed as an AWS S3 security auditor, explicitly stating it is 'instruction-only' and 'does not execute any AWS CLI commands or access your AWS account directly.' It instructs the AI agent to analyze user-provided data and generate security recommendations, explicitly forbidding the agent from asking for credentials or processing user input containing them. While 'bash' is listed as a tool, the skill's instructions actively prevent its use for execution, indicating a clear benign intent aligned with its stated purpose.
Capability Assessment
Purpose & Capability
The name/description map to the instructions: the skill asks users to provide S3-related CLI output (bucket lists, ACLs, policies, public-access-block, Security Hub findings) and then performs analysis. It requests no environment variables, binaries, or installs, which is proportionate for an instruction-only auditor.
Instruction Scope
Overall the runtime instructions stay within scope: they ask for explicit AWS CLI/console output and provide clear read-only permission guidance. A few minor issues to review before trusting recommendations: the suggested SCP phrasing ('deny s3:PutBucketPublicAccessBlock false') is unclear/misspecified and should be validated by an AWS admin; the skill recommends actions (SCPs, AWS Config rules, hardened policies) that a human should review before applying. The SKILL.md does instruct the user to confirm pasted data contains no credentials, which is good practice.
Install Mechanism
No install spec and no code files—this is instruction-only, so nothing will be downloaded or executed by the platform. Lowest-risk install profile.
Credentials
The skill requests no environment variables or credentials (and explicitly says not to request them). However, the required CLI outputs can contain sensitive identifiers (account IDs, ARNs, resource names) and potentially pasted policy documents—users should sanitize outputs and remove any incidental secrets before pasting. The quantity of requested data (multiple bucket policies, ACLs, Security Hub findings) is reasonable for the task.
Persistence & Privilege
The skill is not always-enabled, does not request persistent presence, and has no install-time hooks. It does not modify other skills or system settings on its own.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install s3-exposure-auditor
  3. After installation, invoke the skill by name or use /s3-exposure-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of aws-s3-exposure-auditor: audit exported S3 bucket data for exposure risks.
- Identifies publicly accessible buckets, dangerous ACLs, misconfigured policies, and missing preventive controls.
- Guides users to gather required CLI outputs; no credentials or AWS access is requested.
- Reports critical issues, risk levels, and sensitivity estimates, with recommendations and hardened bucket policies.
- Strongly recommends enabling account-level S3 Block Public Access and highlights buckets without encryption.
Metadata
Slug s3-exposure-auditor
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is S3 Exposure Auditor?

S3 Exposure Auditor identifies publicly accessible S3 buckets, dangerous ACLs, and misconfigured bucket policies. It is an AI Agent Skill for Claude Code / OpenClaw, with 313 downloads so far.

How do I install S3 Exposure Auditor?

Run "/install s3-exposure-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is S3 Exposure Auditor free?

Yes, S3 Exposure Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does S3 Exposure Auditor support?

S3 Exposure Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created S3 Exposure Auditor?

It is built and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.
