anmolnagpal

Storage Exposure Auditor

Author: Anmol Nagpal · GitHub ↗ · v1.0.0
Tags: cross-platform ⚠ suspicious
Total downloads: 275
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install storage-exposure-auditor
Description
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
Safe usage recommendations
This skill is generally coherent for a human-assisted audit: it tells you how to run az commands and paste JSON outputs for analysis. Before using it, confirm these points:
  1. Do not paste storage account keys, connection strings, or raw SAS tokens. The skill warns against this; redact them or avoid including them.
  2. For checks like key rotation age, SAS usage, or diagnostic logging, prefer running local scripts/az commands that emit only non-sensitive metadata (e.g., timestamps, booleans, counts) and paste those results instead of secrets; ask the skill author for exact safe commands if unsure.
  3. Use the least-privilege roles to collect data (Reader + Storage Blob Data Reader for listing containers).
  4. If you must share logs or evidence, scrub or redact secrets first and consider sharing in a secure channel.
  5. Because the SKILL.md mixes role guidance and includes checks that normally need logs/keys, ask the author for clarified, explicit commands that return only safe indicators before pasting anything from your environment. If the author cannot provide safe extraction commands, run the analysis locally or with a trusted security auditor instead.
Functional analysis
Type: OpenClaw Skill
Name: storage-exposure-auditor
Version: 1.0.0
The skill is a security auditing tool designed to analyze Azure Storage configurations for public exposure. It operates by providing the user with read-only Azure CLI commands to run manually and then analyzing the resulting JSON output. The instructions in SKILL.md explicitly forbid the agent from requesting credentials or secrets and include safety checks to ensure the user does not accidentally provide sensitive keys, aligning with its stated purpose.
Capability assessment
Purpose & Capability
Name and description match the instructions: it asks users to paste CLI output about storage accounts/containers and will analyze that. The skill explicitly states it will not access Azure directly and won't request credentials. Minor inconsistency: the SKILL.md suggests 'Storage Account Contributor' as the minimum RBAC role in a JSON blob but elsewhere correctly notes 'Reader' and 'Storage Blob Data Reader' as minimums for specific queries. This role guidance should be clarified but is not a major red flag.
Instruction Scope
The SKILL.md correctly asks the user to provide az CLI JSON outputs for account/container/network settings, which is appropriate. However, several listed checks (shared key rotation age, SAS token permissiveness and usage, diagnostic logging and activity logs) cannot be reliably determined from the three example az queries alone. Performing those checks would require either additional, potentially sensitive data (storage account keys, SAS tokens, or activity/diagnostic logs) or local preprocessing to extract safe metadata. The skill warns not to ask for credentials and to confirm no secrets are present, but it does not provide safe, explicit commands or templates for extracting only non-sensitive indicators (e.g., the age of the last key rotation as a timestamp rather than the raw keys). That gap could lead users to accidentally paste secrets.
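The safe-usage recommendations and the Instruction Scope assessment both point at the same missing piece: a local preprocessing step that turns raw az JSON into indicators that are safe to paste. The script below is an added example, not part of the skill or of this listing; the sample dictionaries are constructed with fake values in the shape of `az storage account show`, `az storage account keys list` and `az storage container list` output (field names assumed from the Azure CLI), and the reference time is fixed so the key ages are reproducible.

```python
import json
from datetime import datetime

# Constructed samples (fake values) shaped like az CLI JSON output; assumed field names.
ACCOUNT = {
    "name": "examplestorage001",
    "allowBlobPublicAccess": True,
    "minimumTlsVersion": "TLS1_0",
    "publicNetworkAccess": "Enabled",
    "networkRuleSet": {"defaultAction": "Allow"},
}
KEYS = [  # the 'value' field is the secret and must never leave the host
    {"keyName": "key1", "value": "FAKEKEY1/FAKEKEY1==", "creationTime": "2023-01-15T00:00:00+00:00"},
    {"keyName": "key2", "value": "FAKEKEY2/FAKEKEY2==", "creationTime": "2024-06-01T00:00:00+00:00"},
]
CONTAINERS = [
    {"name": "public-site", "properties": {"publicAccess": "container"}},
    {"name": "backups", "properties": {"publicAccess": None}},
    {"name": "images", "properties": {"publicAccess": "blob"}},
]

def safe_indicators(account, keys, containers, now):
    """Reduce raw az JSON to names, booleans, counts and ages: no key material."""
    key_age_days = {
        k["keyName"]: (now - datetime.fromisoformat(k["creationTime"])).days
        for k in keys
    }
    public = [c["name"] for c in containers if c["properties"].get("publicAccess")]
    return {
        "account": account["name"],
        "allowBlobPublicAccess": bool(account.get("allowBlobPublicAccess")),
        "minimumTlsVersion": account.get("minimumTlsVersion"),
        "publicNetworkAccess": account.get("publicNetworkAccess"),
        "networkDefaultAction": account.get("networkRuleSet", {}).get("defaultAction"),
        "keyAgeDays": key_age_days,
        "oldestKeyAgeDays": max(key_age_days.values(), default=None),
        "publicContainerCount": len(public),
        "publicContainers": public,
    }

def leaks_secret(report, keys):
    """Last check before pasting: True if any raw key value appears in the report."""
    serialized = json.dumps(report)
    return any(k["value"] in serialized for k in keys)

def demo_report(now_iso="2025-01-01T00:00:00+00:00"):
    """Build the report for the constructed samples at a fixed reference time."""
    return safe_indicators(ACCOUNT, KEYS, CONTAINERS, datetime.fromisoformat(now_iso))

if __name__ == "__main__":
    print(json.dumps(demo_report(), indent=2))
```

Only the returned report is meant to be pasted into the skill; the `leaks_secret` guard is the check to run on it first.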
Install Mechanism
Instruction-only skill with no install spec and no code files. Low operational risk from install mechanism because nothing is downloaded or executed by the platform itself.
Credentials
The skill requests no environment variables, credentials, or config paths, which is appropriate. But because several checks imply examining keys, SAS tokens, or logs, there is a risk the user might be asked to paste sensitive data. The skill includes wording that it will not ask for credentials and to confirm no credentials are present, which mitigates risk somewhat but does not eliminate the ambiguity about how to provide the metadata needed for certain checks without exposing secrets.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not write config or request persistent presence. Autonomous invocation remains enabled by default, but that is normal and not by itself a red flag here.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install storage-exposure-auditor
  3. After installation, call the Skill by name or trigger it with /storage-exposure-auditor
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
- Initial release of azure-storage-exposure-auditor skill.
- Provides instruction-only workflow to audit Azure Storage and blob container exposure using user-exported data.
- Guides users to collect and submit storage account and container configuration for assessment.
- Analyzes for public access risks, missing security features, and recommends hardened policies.
- Outputs actionable findings, risk estimates, and secure configuration templates.
- Requires no credentials or direct Azure access; only analyzes exported configuration data.
Metadata
Slug: storage-exposure-auditor
Version: 1.0.0
License:
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Storage Exposure Auditor?

Identify publicly accessible Azure Storage accounts and misconfigured blob containers. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 275 total downloads so far.

How do I install Storage Exposure Auditor?

Run the command "/install storage-exposure-auditor" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Storage Exposure Auditor free?

Yes, Storage Exposure Auditor is completely free (open source); it can be freely downloaded, installed and used.

Which platforms does Storage Exposure Auditor support?

Storage Exposure Auditor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Storage Exposure Auditor?

Developed and maintained by Anmol Nagpal (@anmolnagpal); current version v1.0.0.