← 返回 Skills 市场

Cloud Risk Summary

Name: Cloud Risk Summary
Author: krishnakumarmahadevan-cmd

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

130

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cloud-risk-summary

功能描述

Generates comprehensive cloud risk summaries by analyzing provider configurations, environments, services, and security exposures.

使用说明 (SKILL.md)

Overview

The Cloud Risk Summary Generator is a security-focused API that synthesizes cloud infrastructure risk assessments into actionable summaries. It analyzes multi-cloud deployments across AWS, Azure, GCP, and other providers to identify, categorize, and contextualize security exposures within specific environments and service architectures.

This tool is designed for cloud security engineers, compliance teams, and DevSecOps professionals who need rapid risk quantification and executive-level reporting on cloud infrastructure posture. By consolidating exposure data with environmental and service context, the API generates structured risk narratives that facilitate remediation prioritization and stakeholder communication.

The generator supports complex cloud environments with multiple services and heterogeneous exposure types, making it suitable for enterprises managing hybrid and multi-cloud infrastructures at scale.

Usage

Sample Request

{
  "provider": "aws",
  "environment": "production",
  "services": [
    "ec2",
    "s3",
    "rds",
    "lambda"
  ],
  "exposures": [
    {
      "issue": "Publicly accessible S3 bucket",
      "impact": "Confidentiality breach affecting 10GB of customer PII"
    },
    {
      "issue": "Unencrypted RDS instance",
      "impact": "Data at rest vulnerability affecting financial records"
    },
    {
      "issue": "Overly permissive IAM policy on Lambda execution role",
      "impact": "Lateral movement risk to other AWS services"
    }
  ]
}

Sample Response

{
  "summary": "AWS production environment contains 3 critical security exposures across 4 services. Immediate action required on S3 public access and RDS encryption. Lambda IAM permissions require least-privilege review.",
  "risk_level": "high",
  "provider": "aws",
  "environment": "production",
  "exposure_count": 3,
  "affected_services": [
    "ec2",
    "s3",
    "rds",
    "lambda"
  ],
  "exposures_analyzed": [
    {
      "issue": "Publicly accessible S3 bucket",
      "impact": "Confidentiality breach affecting 10GB of customer PII",
      "severity": "critical"
    },
    {
      "issue": "Unencrypted RDS instance",
      "impact": "Data at rest vulnerability affecting financial records",
      "severity": "critical"
    },
    {
      "issue": "Overly permissive IAM policy on Lambda execution role",
      "impact": "Lateral movement risk to other AWS services",
      "severity": "high"
    }
  ]
}

Endpoints

POST /generate-risk-summary

Generates a comprehensive risk summary for a cloud infrastructure configuration.

Method: POST

Path: /generate-risk-summary

Description: Analyzes cloud provider configuration, environment details, active services, and identified security exposures to produce a structured risk summary with severity assessment and remediation context.

Request Body (application/json):

Parameter	Type	Required	Description
`provider`	string	Yes	Cloud service provider (e.g., "aws", "azure", "gcp")
`environment`	string	Yes	Deployment environment (e.g., "production", "staging", "development")
`services`	array[string]	Yes	List of cloud services in use (e.g., ["ec2", "s3", "rds"])
`exposures`	array[Exposure]	Yes	Array of identified security exposures, each with issue and impact description

Exposure Object:

Parameter	Type	Required	Description
`issue`	string	Yes	Description of the security issue or vulnerability
`impact`	string	Yes	Description of potential business impact if exploited

Response (200 - Success):

Returns a JSON object containing:

summary (string): Executive-level risk summary text
risk_level (string): Overall risk classification (e.g., "critical", "high", "medium", "low")
provider (string): Echoed provider identifier
environment (string): Echoed environment name
exposure_count (integer): Total number of exposures analyzed
affected_services (array[string]): Services impacted by identified exposures
exposures_analyzed (array): Detailed breakdown of each exposure with severity assessment

Response (422 - Validation Error):

{
  "detail": [
    {
      "loc": ["body", "provider"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/compliance/cloud-risk-summary
API Docs: https://api.mkkpro.com:8027/docs

安全使用建议

This skill is essentially an API specification and summarizer rather than an autonomous cloud scanner. Before installing or using it, consider: 1) Clarify purpose—does the service require you to upload cloud configs/credentials? It currently requests no credentials, so it appears to operate on user-supplied data only. 2) Do not submit sensitive config, credentials, or PII to the referenced external endpoints (api.mkkpro.com / toolweb.in) until you verify the vendor, privacy policy, and TLS/authentication. 3) If you expected an automated scanner that queries AWS/Azure/GCP, this skill will not do that without giving it credentials (and it does not request them). 4) If you want the summarization but need to keep data local, implement the summarization logic locally or sanitize/mask sensitive fields before sending. 5) Ask the publisher for a clear base URL, request/response examples using their actual endpoints, a privacy/security statement, and whether they retain submitted data. If the publisher cannot provide those, treat the external API links as potential data-exfiltration risks.

功能分析

Type: OpenClaw Skill Name: cloud-risk-summary Version: 1.0.0 The bundle is a legitimate documentation-only package for a 'Cloud Risk Summary Generator' API. It contains no executable code, instead providing an OpenAPI specification and markdown instructions for an AI agent to interface with an external security analysis service hosted at api.mkkpro.com. No indicators of malicious intent, data exfiltration, or prompt injection were found.

能力评估

ℹ Purpose & Capability

The name/description imply active analysis of cloud provider configurations (which would normally require cloud credentials or API access). However, the skill requests no environment variables, credentials, or config paths and instead presents a request/response API that expects the user/agent to supply exposures. This is a capability/expectation mismatch: the skill appears to be a summarization API rather than an autonomous cloud-scanning tool.

⚠ Instruction Scope

SKILL.md is an instruction-only API specification with sample requests/responses and explicit external links (api.mkkpro.com, toolweb.in, kong route). While it does not instruct reading local files or env vars, it does reference external endpoints where the agent could send provided cloud configuration/exposure data. That raises a data exfiltration/privacy risk if users or the agent submit sensitive configuration, credentials, or PII to those external services. The OpenAPI file contains the schema but no explicit 'servers' base URL; the SKILL.md still points to external URLs—this ambiguity is concerning.

✓ Install Mechanism

No install spec and no code files to execute. Instruction-only skill (lowest install risk).

ℹ Credentials

The skill requests no environment variables or credentials, which is proportionate if the tool only summarizes user-supplied findings. However, the descriptive language suggests it could require cloud access; the absence of any credential requests means it will not (by itself) access cloud providers—users must supply data manually. This inconsistency should be clarified.

✓ Persistence & Privilege

The skill is not always-enabled, does not request persistent privileges, and has no install or config-writing behavior described.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cloud-risk-summary
安装完成后，直接呼叫该 Skill 的名称或使用 /cloud-risk-summary 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Cloud Risk Summary Generator v1.0.0 - Initial release of a security-focused API that analyzes and summarizes cloud infrastructure risks for AWS, Azure, GCP, and more. - Generates executive-level risk summaries with severity assessments and remediation context. - Supports multi-cloud, multi-service environments and identifies, categorizes, and contextualizes security exposures. - Includes a /generate-risk-summary endpoint for structured input and JSON output. - Flexible pricing plans from Free to Enterprise.

元数据

Slug cloud-risk-summary

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题