anmolnagpal

Iam Policy Auditor

By Anmol Nagpal · GitHub ↗ · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 450
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install iam-policy-auditor
Description
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
Usage (SKILL.md)

AWS IAM Policy Auditor

You are an AWS IAM security expert. IAM misconfiguration is the #1 AWS breach vector.

Steps

  1. Parse IAM policy JSON — identify all actions, resources, and conditions
  2. Flag dangerous patterns (wildcards, admin-equivalent, no conditions)
  3. Map to real attack scenarios using MITRE ATT&CK Cloud
  4. Generate least-privilege replacement policy
  5. Score overall risk level

Dangerous Patterns to Flag

  • "Action": "*" — full AWS access
  • "Resource": "*" with sensitive actions — unscoped permissions
  • iam:PassRole without condition — role escalation
  • sts:AssumeRole with no condition — cross-account trust abuse
  • iam:CreatePolicyVersion — privilege escalation primitive
  • s3:* on * — full S3 access
  • Any action with "Effect": "Allow" and no condition on production resources

Output Format

  • Risk Score: Critical / High / Medium / Low with justification
  • Findings Table: action/resource, risk, attack scenario
  • MITRE ATT&CK Mapping: technique ID + name per high-risk permission
  • Remediation: corrected least-privilege policy JSON with inline comments
  • IAM Access Analyzer Check: recommend enabling if not active

Rules

  • Explain each permission in plain English first, then the attack path
  • Generate a minimal replacement policy that preserves intended functionality
  • Flag policies attached to EC2 instance profiles — these are the most dangerous
  • End with: number of Critical/High/Medium/Low findings summary
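The following is an added example, not code from the skill or from the OpenClaw project: it implements the "Dangerous Patterns to Flag" checks from the SKILL.md above as a small auditor over a constructed sample policy, and ends with the per-level findings count the Rules section asks for. The severity attached to each pattern, the `SENSITIVE_ACTIONS` set, and the sample policy itself are this example's own assumptions; it reads policy JSON you supply and never touches an AWS account.

```python
"""Flag over-privileged statements in an AWS IAM policy document.

Added example (not part of the skill or of OpenClaw). It implements the
dangerous-pattern checks listed in the SKILL.md over a constructed sample
policy. Severity per pattern and SENSITIVE_ACTIONS are assumptions.
"""
import fnmatch
import json
from typing import Dict, List

LEVELS = ["Critical", "High", "Medium", "Low"]

# Assumption: actions treated as high risk when granted on Resource "*" and
# not already covered by one of the more specific checks below.
SENSITIVE_ACTIONS = {
    "iam:AttachUserPolicy", "iam:AttachRolePolicy", "iam:PutUserPolicy",
    "iam:PutRolePolicy", "iam:CreateAccessKey", "secretsmanager:GetSecretValue",
    "kms:Decrypt", "lambda:*", "ec2:*",
}


def _as_list(value) -> list:
    """IAM allows a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _covers(patterns: List[str], action: str) -> bool:
    """True if any action pattern in the policy grants `action` (IAM wildcards, case-insensitive)."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit_policy(policy: Dict) -> List[Dict]:
    """Return one finding per dangerous pattern found in each Allow statement."""
    findings: List[Dict] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        on_any_resource = "*" in _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))
        before = len(findings)

        def add(risk: str, pattern: str, scenario: str) -> None:
            findings.append({"sid": sid, "risk": risk, "pattern": pattern, "scenario": scenario})

        if "*" in actions:
            add("Critical", 'Action "*"', "full AWS access; every other check is subsumed")
            continue
        if on_any_resource and _covers(actions, "s3:*"):
            add("High", "s3:* on *", "full S3 access across every bucket")
        if _covers(actions, "iam:PassRole") and not has_condition:
            add("High", "iam:PassRole without Condition", "role escalation")
        if _covers(actions, "sts:AssumeRole") and not has_condition:
            add("High", "sts:AssumeRole without Condition", "cross-account trust abuse")
        if _covers(actions, "iam:CreatePolicyVersion"):
            add("High", "iam:CreatePolicyVersion", "privilege escalation primitive")
        if on_any_resource and any(_covers(actions, a) for a in SENSITIVE_ACTIONS):
            add("High", 'Resource "*" with sensitive action', "unscoped permissions")
        if len(findings) == before and not has_condition:
            add("Low", "Allow with no Condition", "confirm the resources are not production")
    return findings


def summarize(findings: List[Dict]) -> Dict[str, int]:
    """Count findings per level, in the order the skill reports them."""
    return {level: sum(1 for f in findings if f["risk"] == level) for level in LEVELS}


def score_policy(findings: List[Dict]) -> str:
    """Overall risk is the most severe level present; a clean policy scores Low."""
    for level in LEVELS:
        if any(f["risk"] == level for f in findings):
            return level
    return "Low"


# Constructed sample policy (not from any real account) mixing the patterns above.
SAMPLE_POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminEquivalent", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "LaunchWithAnyRole", "Effect": "Allow",
     "Action": ["ec2:RunInstances", "iam:PassRole"], "Resource": "*"},
    {"Sid": "BucketWide", "Effect": "Allow", "Action": "s3:*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "ScopedRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyAll", "Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}
"""
SAMPLE_POLICY = json.loads(SAMPLE_POLICY_JSON)

if __name__ == "__main__":
    results = audit_policy(SAMPLE_POLICY)
    for f in results:
        print(f"{f['risk']:<8} {f['sid']:<18} {f['pattern']:<34} {f['scenario']}")
    print("Overall:", score_policy(results), summarize(results))
```

Wildcard handling is the part worth noting: the checks ask whether the policy's own action patterns cover a named action (so `iam:*` or `iam:Pass*` triggers the PassRole check), rather than string-matching the literal action, and the `s3:* on *` check fires even when a Condition is present because the SKILL.md lists it as dangerous on its own. The Low finding for unconditional Allow statements only appears when nothing more severe was raised for that statement, so the summary does not double-count.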
Safe usage recommendations
This skill looks coherent for auditing IAM policy JSON as long as you supply the policies yourself. Before installing or running it: (1) Do not provide AWS credentials unless you explicitly want the skill to fetch live account attachments—ask the developer how the skill obtains policies. (2) If the skill asks to run shell commands (the SKILL.md lists "bash"), avoid granting shell access or providing files from your system; instead paste the policy JSON directly. (3) Treat the generated "least-privilege" policy as a draft—review and test it in a safe environment before applying to production. (4) If the skill requests IAM keys or asks to enable services like Access Analyzer, require explicit justification and limit permissions (use read-only, scoped credentials or a dedicated auditing role).
Functional analysis
Type: OpenClaw Skill
Name: iam-policy-auditor
Version: 1.0.0

The OpenClaw skill bundle 'iam-policy-auditor' is benign. The `SKILL.md` file provides clear, legitimate instructions for an AI agent to audit AWS IAM policies for security misconfigurations. There are no indicators of malicious intent, such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's purpose. The use of 'bash' as a tool is noted, but the instructions do not direct its use in any harmful manner, aligning with a standard security auditing workflow.
Capability assessment
Purpose & Capability
The name and description (IAM policy auditing) align with the SKILL.md: parse policy JSON, flag dangerous patterns, map to MITRE ATT&CK, and produce least-privilege replacements. The skill declares no required credentials or installs, which is coherent if the user supplies the IAM policy JSON to be audited. One minor oddity: the SKILL.md header lists tools: "claude, bash" — if the implementation actually executes bash or attempts to call remote models to fetch policies, that would require additional permissions/credentials which are not declared.
Instruction Scope
The runtime instructions focus on parsing provided IAM policy JSON and producing findings and remediation; they do not instruct reading arbitrary files, environment variables, or contacting external endpoints. However, a few items imply account-level checks (e.g., "flag policies attached to EC2 instance profiles", "recommend enabling IAM Access Analyzer if not active") which would require querying AWS account state. The SKILL.md does not describe how to obtain those artifacts (user paste vs. using AWS credentials). That ambiguity should be clarified before giving the skill access to an AWS account or letting it run shell commands.
Install Mechanism
No install spec and no code files are present (instruction-only). This is low-risk: nothing will be written to disk or automatically installed by the skill itself.
Credentials
The skill declares no required environment variables or primary credentials, which is proportionate for an analysis that works from user-provided policy JSON. If the skill later asks for AWS credentials to fetch attached resources or to check account configuration, that would be an escalation and should be explicitly declared and justified.
Persistence & Privilege
always is false and there is no installation step that requests persistent presence. The skill is user-invocable and not forced into every agent run, which is appropriate for a tool that performs security audits on demand.
How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment)
  2. Enter the install command in the chat box: /install iam-policy-auditor
  3. Once installed, call the Skill by name directly or trigger it with /iam-policy-auditor
  4. Provide the required input per the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release of aws-iam-policy-auditor skill.
  • Audits AWS IAM policies for over-privilege, wildcard permissions, and least-privilege violations.
  • Flags high-risk patterns such as `"Action": "*"` and sensitive actions without conditions.
  • Maps identified risks to MITRE ATT&CK Cloud techniques.
  • Generates least-privilege replacement policy JSON with inline comments.
  • Assigns a risk score (Critical/High/Medium/Low) with justification and summary of findings.
  • Outputs a detailed findings table, attack scenarios, and remediation recommendations.
  • Recommends enabling IAM Access Analyzer if not already active.
Metadata
Slug: iam-policy-auditor
Version: 1.0.0
License:
Total installs: 1
Current installs: 1
Versions: 1
FAQ

What is Iam Policy Auditor?

Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 450 cumulative downloads so far.

How do I install Iam Policy Auditor?

Run the command "/install iam-policy-auditor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Iam Policy Auditor free?

Yes, Iam Policy Auditor is completely free (open source), and can be freely downloaded, installed, and used.

Which platforms does Iam Policy Auditor support?

Iam Policy Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Iam Policy Auditor?

Developed and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.
