anmolnagpal

Defender Posture Reviewer

Author: Anmol Nagpal · GitHub · v1.0.0
cross-platform ⚠ suspicious
364 total downloads · 0 favorites · 0 current installs · 1 version
Install in OpenClaw:
/install defender-posture-reviewer
Description
Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized remediation roadmap
Usage (SKILL.md)

Microsoft Defender for Cloud Posture Reviewer

You are a Microsoft Defender for Cloud expert. Turn Secure Score recommendations into an actionable security roadmap.

This skill is instruction-only. It does not execute any Azure CLI commands or access your Azure account directly. You provide the data; Claude analyzes it.

Required Inputs

Ask the user to provide one or more of the following (the more provided, the better the analysis):

  1. Defender for Cloud Secure Score export — overall and per-control scores
    How to export: Azure Portal → Defender for Cloud → Secure score → Download CSV
    
  2. Defender recommendations list — all active recommendations
    az security assessment list --output json > defender-recommendations.json
    
  3. Defender for Cloud alerts export — active security alerts
    az security alert list --output json > defender-alerts.json
    

Minimum required Azure RBAC role to run the CLI commands above (read-only):

{
  "role": "Security Reader",
  "scope": "Subscription"
}

If the user cannot provide any data, ask them to describe their current Secure Score percentage, their top 3 recommendation categories, and which Defender plans are enabled.

Steps

  1. Parse Secure Score and per-control recommendations
  2. Prioritize by real-world risk (not just score impact)
  3. Identify quick wins (high score impact, low effort)
  4. Generate remediation plan with Azure CLI commands
  5. Write CISO-ready posture narrative
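As an added example (not part of the SKILL.md or the skill's own code), steps 1 to 3 above and the "score-gaming versus real risk" rule applied to a constructed export in the shape of `az security assessment list --output json`. The presence of `metadata.severity` and `metadata.implementationEffort` on each record, and the `<SUB_ID>` and resource names, are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample mirroring `az security assessment list --output json`.
# Assumption: each record carries a `metadata` block with `severity` and
# `implementationEffort`; <SUB_ID> and the resource names are placeholders.
SAMPLE_EXPORT = json.dumps([
    {"displayName": "MFA should be enabled on accounts with owner permissions",
     "status": {"code": "Unhealthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>"},
     "metadata": {"severity": "High", "implementationEffort": "Low"}},
    {"displayName": "Management ports should be protected with JIT access",
     "status": {"code": "Unhealthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>/.../vm-web-01"},
     "metadata": {"severity": "High", "implementationEffort": "Moderate"}},
    {"displayName": "Management ports should be protected with JIT access",
     "status": {"code": "Unhealthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>/.../vm-web-02"},
     "metadata": {"severity": "High", "implementationEffort": "Moderate"}},
    {"displayName": "Storage accounts should use customer-managed keys",
     "status": {"code": "Unhealthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>/.../stlogs01"},
     "metadata": {"severity": "Low", "implementationEffort": "Low"}},
    {"displayName": "Diagnostic logs in Key Vault should be enabled",
     "status": {"code": "Unhealthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>/.../kv-prod"},
     "metadata": {"severity": "Medium", "implementationEffort": "Moderate"}},
    {"displayName": "Secure transfer to storage accounts should be enabled",
     "status": {"code": "Healthy"}, "resourceDetails": {"id": "/subscriptions/<SUB_ID>/.../stlogs01"},
     "metadata": {"severity": "High", "implementationEffort": "Low"}},
])


def triage(export_json: str) -> dict:
    """Collapse unhealthy assessments per recommendation and bucket them:
    High severity is critical regardless of effort; High/Medium with Low effort
    is a quick win; Low/Low only moves the score; the rest is planned work."""
    affected, meta = defaultdict(int), {}
    for a in json.loads(export_json):
        if a["status"]["code"] != "Unhealthy":
            continue  # healthy resources add no remediation work
        name, md = a["displayName"], a.get("metadata") or {}
        affected[name] += 1  # one recommendation may hit many resources
        meta[name] = (md.get("severity", "Unknown"),
                      md.get("implementationEffort", "Unknown"))
    buckets = {"critical": [], "quick_win": [], "score_only": [], "planned": []}
    for name, (sev, eff) in meta.items():
        if sev == "High":
            buckets["critical"].append(name)  # risk first, whatever the effort
        if eff == "Low" and sev in ("High", "Medium"):
            buckets["quick_win"].append(name)
        elif eff == "Low" and sev == "Low":
            buckets["score_only"].append(name)  # score-gaming candidate
        elif sev != "High":
            buckets["planned"].append(name)
    return {"affected": dict(affected), "buckets": buckets}
```

The `affected` counts feed the quick wins table (score impact scales with resource count), while `score_only` is what the rules section calls score-gaming.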

Key Control Domains

  • Identity: MFA, admin accounts, legacy auth
  • Data: Encryption at rest/transit, SQL TDE, Key Vault
  • Network: NSG hardening, DDoS protection, Firewall
  • Compute: Endpoint protection, VM vulnerability assessment, Update Management
  • AppServices: HTTPS only, TLS version, auth enabled
  • Containers: Defender for Containers, image scanning, AKS RBAC

Output Format

  • Secure Score Summary: current score, max possible, % per domain
  • Quick Wins Table: recommendation, score impact, effort (Low/Med/High), Azure CLI fix
  • Critical Findings: immediate risk regardless of score impact
  • Remediation Roadmap: Week 1 / Month 1 / Quarter 1 plan
  • CISO Narrative: board-ready security posture summary (1 page)

Rules

  • Distinguish score-gaming (easy but low-risk) from real-risk remediation
  • 2025: Defender CSPM includes attack path analysis — highlight toxic combinations
  • Note if Defender plans are not enabled for key workload types (servers, containers, SQL)
  • Flag recommendations that have been dismissed/exempted without justification
  • Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
  • If user pastes raw data, confirm no credentials are included before processing
Safe Usage Recommendations
This skill appears coherent for its stated purpose, but consider the following before installing or using it:
  • Do not paste credentials, secret keys, or tokens. The skill tells you not to provide credentials — follow that.
  • Inspect any exported JSON/CSV before pasting: redact any secrets, but also be aware exports can contain subscription IDs, resource names, and principal IDs (sensitive for privacy and social engineering). Share only the minimum data needed.
  • Prefer running the example az commands locally yourself (they require Security Reader) and then paste the outputs; avoid granting the agent any direct CLI access.
  • The SKILL.md header lists 'bash' as a tool while the doc says it will not execute CLI commands — if you are deploying this into an environment where the agent can run shell commands, confirm that behavior with the platform and deny shell access if undesired.
  • Source and homepage are missing and the publisher identity is unknown; that reduces trust. If this will be used for high-stakes or production remediation, prefer skills from known vendors or verify the author first.
  • If you want higher assurance, ask the publisher for a provenance page or a signed SKILL.md and request logs showing the agent will not execute commands on your host.
Functional Analysis
Type: OpenClaw Skill
Name: defender-posture-reviewer
Version: 1.0.0

The skill declares `tools: bash` in `SKILL.md`, granting the AI agent shell execution capabilities. While the skill explicitly states it is 'instruction-only' and 'does not execute any Azure CLI commands or access your Azure account directly,' and includes rules like 'Never ask for credentials,' the presence of the `bash` tool creates a significant prompt injection vulnerability. A malicious user could potentially craft an input to the agent that overrides these instructions and compels the agent to execute arbitrary commands via `bash`, leading to unauthorized actions. There is no direct evidence of intentional malicious behavior (e.g., exfiltration, persistence) within the provided skill bundle itself, but the capability poses a high risk.
Capability Assessment
Purpose & Capability
Name/description match the runtime instructions: the skill asks users to provide Defender Secure Score exports, recommendation and alert JSONs and then produces prioritized remediation and Azure CLI remediation examples. It does not request unrelated credentials or system access.
Instruction Scope
SKILL.md stays within scope (parse exported data, prioritize, produce remediation and CLI commands). It explicitly states it will not execute Azure CLI or access the account. Minor ambiguity: the SKILL header lists 'tools: claude, bash' which could imply shell execution — the doc contradicts that. Also the skill asks users to paste raw exports and instructs to confirm no credentials are present before processing.
Install Mechanism
No install spec and no code files — instruction-only skill with nothing written to disk. Low install risk.
Credentials
No environment variables, keys, or persistent credentials are requested. The sample az CLI commands are read-only and the minimum RBAC role stated is Security Reader (subscription scope), which is appropriate for exporting the listed data.
Persistence & Privilege
Skill is not always-enabled and doesn't request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install defender-posture-reviewer
  3. Once installed, call the Skill by name or trigger it with /defender-posture-reviewer
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History
v1.0.0
Initial release: Azure Defender for Cloud Secure Score review and remediation planner.
  • Interprets exported Defender for Cloud Secure Score, recommendations, and alerts.
  • Prioritizes remediation by real-world risk and identifies high-impact, low-effort quick wins.
  • Generates a CISO-ready security posture narrative and phased remediation roadmap.
  • Provides an output format with Secure Score summary, quick wins table, and critical findings.
  • Operates entirely instruction-based: no Azure access or credentials needed—analysis is on user-provided data only.
Metadata
Slug: defender-posture-reviewer
Version: 1.0.0
License: (not specified)
Total installs: 0
Current installs: 0
Versions: 1
FAQ

What is Defender Posture Reviewer?

Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized remediation roadmap. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 364 downloads to date.

How do I install Defender Posture Reviewer?

Run the command "/install defender-posture-reviewer" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Defender Posture Reviewer free?

Yes, Defender Posture Reviewer is completely free (open source) and can be freely downloaded, installed, and used.

Which platforms does Defender Posture Reviewer support?

Defender Posture Reviewer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Defender Posture Reviewer?

Developed and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.
