← 返回 Skills 市场

Cloud Misconfig Scanner

Name: Cloud Misconfig Scanner
Author: krishnakumarmahadevan-cmd

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

202

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cloud-misconfig-scanner

功能描述

Automated security scanner for identifying and reporting misconfigurations across cloud infrastructure providers.

使用说明 (SKILL.md)

Overview

The Cloud Misconfiguration Scanner is a security-focused API that analyzes cloud infrastructure configurations to identify potential security risks, compliance violations, and operational misconfigurations. It connects to major cloud providers and performs comprehensive audits of your cloud environment without requiring direct infrastructure changes.

This tool is essential for security teams, DevOps engineers, and cloud architects who need continuous visibility into their cloud security posture. By automating configuration scanning, it reduces the time and effort required for manual security assessments while providing detailed, actionable remediation guidance. The scanner integrates seamlessly with multi-cloud environments and supports automated compliance reporting workflows.

Ideal users include organizations managing infrastructure across AWS, Azure, Google Cloud, or hybrid cloud environments; security and compliance teams performing regular audits; and enterprises implementing Infrastructure-as-Code (IaC) security practices.

Usage

Sample Request:

{
  "provider": "aws",
  "credentials": {
    "access_key_id": "AKIAIOSFODNN7EXAMPLE",
    "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "region": "us-east-1"
  }
}

Sample Response:

{
  "scan_id": "scan_1234567890",
  "provider": "aws",
  "status": "completed",
  "timestamp": "2024-01-15T10:30:45Z",
  "findings": [
    {
      "id": "MISCFG-001",
      "severity": "high",
      "category": "access_control",
      "resource": "s3://my-bucket-prod",
      "issue": "S3 bucket has public read access enabled",
      "recommendation": "Update bucket policy to restrict public access",
      "compliance_impact": ["PCI-DSS", "HIPAA"]
    },
    {
      "id": "MISCFG-002",
      "severity": "medium",
      "category": "encryption",
      "resource": "rds-instance-main",
      "issue": "Database encryption at rest is disabled",
      "recommendation": "Enable RDS encryption and rotate master key",
      "compliance_impact": ["SOC2"]
    }
  ],
  "summary": {
    "total_resources_scanned": 247,
    "misconfiguration_count": 12,
    "high_severity": 2,
    "medium_severity": 5,
    "low_severity": 5
  }
}

Endpoints

POST /scan-cloud-config

Initiates a comprehensive security scan of cloud infrastructure configurations for the specified provider.

Method: POST

Path: /scan-cloud-config

Description: Scans cloud configurations and identifies security misconfigurations, compliance violations, and operational risks across the target environment.

Request Parameters:

Parameter	Type	Required	Description
`provider`	string	Yes	Cloud provider identifier (e.g., `aws`, `azure`, `gcp`, `alibaba`)
`credentials`	object	Yes	Provider-specific authentication credentials including access keys, secret keys, tokens, or service account data required to authenticate and access cloud resources

Response Shape (HTTP 200):

{
  "scan_id": "string",
  "provider": "string",
  "status": "string",
  "timestamp": "string",
  "findings": [
    {
      "id": "string",
      "severity": "string",
      "category": "string",
      "resource": "string",
      "issue": "string",
      "recommendation": "string",
      "compliance_impact": ["string"]
    }
  ],
  "summary": {
    "total_resources_scanned": "integer",
    "misconfiguration_count": "integer",
    "high_severity": "integer",
    "medium_severity": "integer",
    "low_severity": "integer"
  }
}

Error Response (HTTP 422 - Validation Error):

{
  "detail": [
    {
      "loc": ["body", "provider"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/cloud-misconfig-scanner
API Docs: https://api.mkkpro.com:8018/docs

安全使用建议

This skill appears to be a thin wrapper for a third‑party cloud scanning API. Before using it: 1) Do not paste long‑lived root or admin keys — use short‑lived, least‑privilege credentials (temporary STS tokens or an explicitly scoped read‑only account). 2) Verify the vendor (toolweb.in / api.mkkpro.com): check TLS, privacy/security policies, data retention, and whether they support ephemeral credentials. 3) Prefer scanning a non‑production/test account first and rotate any credentials used. 4) If you cannot verify the provider, consider self‑hosted or in‑account scanners (open-source tools or running scans from within your environment) to avoid sending sensitive credentials to unknown external services.

功能分析

Type: OpenClaw Skill Name: cloud-misconfig-scanner Version: 1.0.0 The skill bundle facilitates a 'Cloud Misconfiguration Scanner' that requires the agent to collect and transmit raw cloud provider credentials (e.g., AWS Access Key ID and Secret Access Key) to a third-party API endpoint (api.mkkpro.com). While this behavior is explicitly documented in SKILL.md and openapi.json as necessary for the tool's stated purpose, the practice of sending long-lived, highly sensitive secrets to an external service represents a significant security risk. There is no evidence of obfuscation or hidden malicious intent, but the inherent risk of credential handling justifies a suspicious classification.

能力评估

ℹ Purpose & Capability

The skill claims to scan cloud providers and its request shape explicitly requires provider credentials, which is consistent with the described purpose. However, the SKILL.md references external endpoints (toolweb.in and api.mkkpro.com) and the package metadata gives no trustworthy owner/homepage; the documentation does not clearly state where submitted credentials will be transmitted or stored.

⚠ Instruction Scope

The instructions present an API surface that expects raw cloud credentials in the request body and include sample secrets. They do not limit or advise how credentials should be scoped (e.g., read-only, short-lived), nor do they describe data handling, retention, or where scans run. The doc effectively instructs the agent to send sensitive credentials to remote services without safeguards or explicit consent language.

✓ Install Mechanism

No install spec and no code files — this is instruction-only, so nothing is written to disk on install. That lowers local execution risk. The primary risk comes from network calls to external APIs described in the documentation.

⚠ Credentials

Although the skill does not require environment variables from the agent, it requires the user to supply cloud credentials in API requests. That is proportionate to an external scanner, but the skill lacks guidance to use least-privilege or temporary credentials, and it does not declare a primary credential or any handling/retention policy for sensitive secrets — increasing the risk of credential exposure.

✓ Persistence & Privilege

always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed (platform default), which is expected for a callable skill but should be considered when combined with the credential-handling issues.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cloud-misconfig-scanner
安装完成后，直接呼叫该 Skill 的名称或使用 /cloud-misconfig-scanner 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Cloud Misconfiguration Scanner v1.0.0 – Initial Release - Launches a security-focused API for automated scanning of cloud infrastructure for misconfigurations and compliance issues. - Supports AWS, Azure, Google Cloud, Alibaba, and hybrid environments. - Provides detailed reports with severity, recommendations, and compliance impact. - Includes a POST endpoint to initiate scans using provider credentials. - Offers multi-tiered pricing plans, including a free option. - Includes documentation, sample requests/responses, and contact/resources.

元数据

Slug cloud-misconfig-scanner

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题