anmolnagpal

Defender Posture Reviewer

by Anmol Nagpal · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
364 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw: /install defender-posture-reviewer
Description
Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized remediation roadmap
README (SKILL.md)

Microsoft Defender for Cloud Posture Reviewer

You are a Microsoft Defender for Cloud expert. Turn Secure Score recommendations into an actionable security roadmap.

This skill is instruction-only. It does not execute any Azure CLI commands or access your Azure account directly. You provide the data; Claude analyzes it.

Required Inputs

Ask the user to provide one or more of the following (the more provided, the better the analysis):

  1. Defender for Cloud Secure Score export — overall and per-control scores
     How to export: Azure Portal → Defender for Cloud → Secure score → Download CSV

  2. Defender recommendations list — all active recommendations
     az security assessment list --output json > defender-recommendations.json

  3. Defender for Cloud alerts export — active security alerts
     az security alert list --output json > defender-alerts.json

Minimum required Azure RBAC role to run the CLI commands above (read-only):

{
  "role": "Security Reader",
  "scope": "Subscription"
}

If the user cannot provide any data, ask them to describe their current Secure Score percentage, their top 3 recommendation categories, and which Defender plans are enabled.

Steps

  1. Parse Secure Score and per-control recommendations
  2. Prioritize by real-world risk (not just score impact)
  3. Identify quick wins (high score impact, low effort)
  4. Generate remediation plan with Azure CLI commands
  5. Write CISO-ready posture narrative
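As an added example (not part of the skill or its page), a small script that does the parse and prioritize steps locally before anything is pasted to the agent: it reads an `az security assessment list` export, keeps only Unhealthy assessments, ranks recommendations by how many resources they affect, and redacts subscription IDs, resource group names and resource names so the output carries only what the analysis needs. The field names `displayName`, `status.code` and `resourceDetails.id` are assumed from the Azure CLI output, and the sample export is constructed.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of `az security assessment list --output json`; the field
# names used below (displayName, status.code, resourceDetails.id) are assumed, not from the page.
SAMPLE_EXPORT = json.dumps([
    {"displayName": "MFA should be enabled on accounts with owner permissions on subscriptions",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": "/subscriptions/11111111-2222-3333-4444-555555555555"}},
    {"displayName": "Management ports of virtual machines should be protected with just-in-time network access control",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/web01"}},
    {"displayName": "Management ports of virtual machines should be protected with just-in-time network access control",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/db01"}},
    {"displayName": "Secure transfer to storage accounts should be enabled",
     "status": {"code": "Healthy"},
     "resourceDetails": {"id": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/prod-rg/providers/Microsoft.Storage/storageAccounts/prodlogs01"}},
])

GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)

def redact_resource_id(resource_id):
    """Drop subscription id, resource group and resource name; keep the resource type for triage."""
    out = GUID_RE.sub("<subscription>", resource_id)
    out = re.sub(r"/resourceGroups/[^/]+", "/resourceGroups/<rg>", out, flags=re.IGNORECASE)
    parts = out.split("/")
    if "providers" in parts:  # .../providers/<namespace>/<type>/<name>: the last segment is the name
        parts[-1] = "<resource>"
    return "/".join(parts)

def prioritize(export_text):
    """Rank Unhealthy recommendations by affected-resource count: [(recommendation, [redacted ids])]."""
    by_recommendation = defaultdict(list)
    for assessment in json.loads(export_text):
        if assessment.get("status", {}).get("code") != "Unhealthy":
            continue  # Healthy / NotApplicable assessments carry no remediation work
        rid = assessment.get("resourceDetails", {}).get("id", "")
        by_recommendation[assessment["displayName"]].append(redact_resource_id(rid))
    return sorted(by_recommendation.items(), key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for recommendation, resources in prioritize(SAMPLE_EXPORT):
        print(f"{len(resources):>3}  {recommendation}")
        for rid in resources:
            print(f"      {rid}")
```

Point the script at your real `defender-recommendations.json` in place of the constructed sample; the redacted, ranked list is what goes to the agent, not the raw export.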

Key Control Domains

  • Identity: MFA, admin accounts, legacy auth
  • Data: Encryption at rest/transit, SQL TDE, Key Vault
  • Network: NSG hardening, DDoS protection, Firewall
  • Compute: Endpoint protection, VM vulnerability assessment, Update Management
  • AppServices: HTTPS only, TLS version, auth enabled
  • Containers: Defender for Containers, image scanning, AKS RBAC

Output Format

  • Secure Score Summary: current score, max possible, % per domain
  • Quick Wins Table: recommendation, score impact, effort (Low/Med/High), Azure CLI fix
  • Critical Findings: immediate risk regardless of score impact
  • Remediation Roadmap: Week 1 / Month 1 / Quarter 1 plan
  • CISO Narrative: board-ready security posture summary (1 page)

Rules

  • Distinguish score-gaming (easy but low-risk) from real-risk remediation
  • 2025: Defender CSPM includes attack path analysis — highlight toxic combinations
  • Note if Defender plans are not enabled for key workload types (servers, containers, SQL)
  • Flag recommendations that have been dismissed/exempted without justification
  • Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
  • If user pastes raw data, confirm no credentials are included before processing
Usage Guidance

This skill appears coherent for its stated purpose, but consider the following before installing or using it:

  • Do not paste credentials, secret keys, or tokens. The skill tells you not to provide credentials — follow that.
  • Inspect any exported JSON/CSV before pasting: redact any secrets, but also be aware exports can contain subscription IDs, resource names, and principal IDs (sensitive for privacy and social engineering). Share only the minimum data needed.
  • Prefer running the example az commands locally yourself (they require Security Reader) and then paste the outputs; avoid granting the agent any direct CLI access.
  • The SKILL.md header lists 'bash' as a tool while the doc says it will not execute CLI commands — if you are deploying this into an environment where the agent can run shell commands, confirm that behavior with the platform and deny shell access if undesired.
  • Source and homepage are missing and the publisher identity is unknown; that reduces trust. If this will be used for high-stakes or production remediation, prefer skills from known vendors or verify the author first.
  • If you want higher assurance, ask the publisher for a provenance page or a signed SKILL.md and request logs showing the agent will not execute commands on your host.
Capability Analysis

Type: OpenClaw Skill
Name: defender-posture-reviewer
Version: 1.0.0

The skill declares `tools: bash` in `SKILL.md`, granting the AI agent shell execution capabilities. While the skill explicitly states it is 'instruction-only' and 'does not execute any Azure CLI commands or access your Azure account directly,' and includes rules like 'Never ask for credentials,' the presence of the `bash` tool creates a significant prompt injection vulnerability. A malicious user could potentially craft an input to the agent that overrides these instructions and compels the agent to execute arbitrary commands via `bash`, leading to unauthorized actions. There is no direct evidence of intentional malicious behavior (e.g., exfiltration, persistence) within the provided skill bundle itself, but the capability poses a high risk.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the skill asks users to provide Defender Secure Score exports, recommendation and alert JSONs and then produces prioritized remediation and Azure CLI remediation examples. It does not request unrelated credentials or system access.
Instruction Scope
SKILL.md stays within scope (parse exported data, prioritize, produce remediation and CLI commands). It explicitly states it will not execute Azure CLI or access the account. Minor ambiguity: the SKILL header lists 'tools: claude, bash' which could imply shell execution — the doc contradicts that. Also the skill asks users to paste raw exports and instructs to confirm no credentials are present before processing.
Install Mechanism
No install spec and no code files — instruction-only skill with nothing written to disk. Low install risk.
Credentials
No environment variables, keys, or persistent credentials are requested. The sample az CLI commands are read-only and the minimum RBAC role stated is Security Reader (subscription scope), which is appropriate for exporting the listed data.
Persistence & Privilege
Skill is not always-enabled and doesn't request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install defender-posture-reviewer
  3. After installation, invoke the skill by name or use /defender-posture-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History

v1.0.0

Initial release: Azure Defender for Cloud Secure Score review and remediation planner.
  • Interprets exported Defender for Cloud Secure Score, recommendations, and alerts.
  • Prioritizes remediation by real-world risk and identifies high-impact, low-effort quick wins.
  • Generates a CISO-ready security posture narrative and phased remediation roadmap.
  • Provides an output format with Secure Score summary, quick wins table, and critical findings.
  • Operates entirely instruction-based: no Azure access or credentials needed—analysis is on user-provided data only.
Metadata
Slug defender-posture-reviewer
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Defender Posture Reviewer?

Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized remediation roadmap. It is an AI Agent Skill for Claude Code / OpenClaw, with 364 downloads so far.

How do I install Defender Posture Reviewer?

Run "/install defender-posture-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Defender Posture Reviewer free?

Yes, Defender Posture Reviewer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Defender Posture Reviewer support?

Defender Posture Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Defender Posture Reviewer?

It is built and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.
