Total downloads: 265
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install watadot-aws-iam
Description
IAM security patterns by Watadot Studio. Manage users, roles, and policy verification.
Usage Instructions (SKILL.md)
AWS IAM Skills
Security-first identity and access management patterns.
🚀 Core Commands
Identity Audit
```bash
# List all users with ARN and creation date
aws iam list-users --query "Users[].{User:UserName,Arn:Arn,Date:CreateDate}" --output table
# Find unused access keys (90+ days)
aws iam list-users --query "Users[].UserName" --output text \
  | xargs -I {} aws iam list-access-keys --user-name {} \
      --query "AccessKeyMetadata[?Status==\`Active\` && CreateDate < \`2025-12-31\`]"
```
Role Orchestration
```bash
# Assume a role and get temporary credentials
aws sts assume-role --role-arn <role-arn> --role-session-name "OpenClawSession"
# List policies attached to a specific role
aws iam list-attached-role-policies --role-name <role-name> --query "AttachedPolicies[].PolicyName"
```
Policy Verification
```bash
# Get effective policy document
aws iam get-policy-version --policy-arn <arn> --version-id <id> --query "PolicyVersion.Document"
```
🧠 Best Practices
- Never use Root: Use IAM users or SSO roles for daily operations.
- Short-lived Credentials: Prefer `sts assume-role` over permanent access keys.
- MFA Enforcement: Enable Multi-Factor Authentication for all console and sensitive CLI access.
- Access Analyzer: Regularly run IAM Access Analyzer to find unintended public or cross-account access.
Security Usage Advice
This skill is coherent and appears to do what it says: run aws CLI IAM checks. Before using it: (1) ensure the aws CLI is installed and configured with appropriate, least-privilege credentials (prefer read-only/IAM-read policies for audits); (2) review and adjust the example filters (the access-key check uses a hard-coded 2025-12-31 date — replace with a proper relative date or use aws iam get-access-key-last-used for accuracy); (3) when using sts assume-role, handle temporary credentials securely (don't persist them in logs or public places); (4) run commands in a non-production account or with limited permissions first to confirm behavior; (5) remember that outputs will reflect what the AWS credentials used can access — do not run these commands from an account you don't trust. Overall there are no unexplained env or network requirements and no install-time code, so the risk surface is limited to whatever your configured AWS credentials permit.
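The access-key audit with the hard-coded date replaced by a relative cutoff and a `get-access-key-last-used` lookup, as point (2) suggests. This is an added example, not part of the skill's SKILL.md; the function names are hypothetical, and it assumes a GNU or BusyBox `date` and an aws CLI configured with read-only IAM credentials.

```shell
#!/bin/sh
# Added example (not from SKILL.md). Function names are hypothetical.
# Assumes GNU or BusyBox date (-d @epoch) and a configured aws CLI.

# ISO date (UTC) N days before now, e.g. "cutoff_date 90".
cutoff_date() {
  date -u -d "@$(( $(date +%s) - $1 * 86400 ))" +%Y-%m-%d
}

# JMESPath filter: IDs of active keys created before the cutoff date.
key_filter() {
  printf "AccessKeyMetadata[?Status=='Active' && CreateDate<'%s'].AccessKeyId" "$1"
}

# Print "user<TAB>key-id<TAB>last-used" for every active key older than
# N days (default 90). "None" in the last column means the key was never used.
# The body runs in a subshell so its variables do not leak into the caller.
audit_stale_keys() (
  cutoff=$(cutoff_date "${1:-90}")
  for user in $(aws iam list-users --query 'Users[].UserName' --output text); do
    for key in $(aws iam list-access-keys --user-name "$user" \
                   --query "$(key_filter "$cutoff")" --output text); do
      last=$(aws iam get-access-key-last-used --access-key-id "$key" \
               --query 'AccessKeyLastUsed.LastUsedDate' --output text)
      printf '%s\t%s\t%s\n' "$user" "$key" "$last"
    done
  done
)

# Usage: audit_stale_keys 90
```

A key that is old but recently used is a rotation candidate; one that is old and shows `None` or a distant last-used date is a candidate for deactivation.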
Functional Analysis
Type: OpenClaw Skill
Name: watadot-aws-iam
Version: 1.0.0
The skill bundle contains standard AWS CLI commands for IAM auditing and management, such as listing users, checking access key ages, and assuming roles. The instructions in SKILL.md align with security best practices and do not exhibit any signs of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description: IAM management. Declared requirement: aws CLI. No unrelated credentials, binaries, or install steps. The aws CLI is an appropriate and expected dependency for this purpose.
Instruction Scope
SKILL.md contains concrete aws CLI commands for listing users, checking access keys, assuming roles, and fetching policy documents — all within IAM scope. Two minor notes: (1) the 'find unused access keys' example uses a hard-coded date (2025-12-31), which is likely a copy/paste or stale example and can produce incorrect results; (2) the assume-role command returns temporary credentials — the instructions do not say how to handle or store them, so an operator should ensure they are handled securely. Otherwise the instructions do not reference unrelated files, env vars, or external endpoints.
Install Mechanism
Instruction-only skill with no install spec. This is low risk because nothing is downloaded or written by the skill itself.
Credentials
No required environment variables or credentials are declared. The skill relies on the operator's configured AWS credentials (as expected for aws CLI usage). No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system-wide settings.
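How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install watadot-aws-iam
- Once installed, call the Skill by name or trigger it with /watadot-aws-iam
- Provide the required inputs according to the Skill's parameter description to get structured output
Version History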
v1.0.0
- Initial release of watadot-aws-iam.
- Provides IAM security patterns for managing AWS users, roles, and policy verification.
- Includes audit commands for users and access keys, role orchestration, and policy inspection.
- Documents security best practices, including MFA enforcement and use of Access Analyzer.
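Frequently Asked Questions
What is Watadot Aws Iam?
IAM security patterns by Watadot Studio. Manage users, roles, and policy verification. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 265 cumulative downloads so far.
How do I install Watadot Aws Iam?
Run the command "/install watadot-aws-iam" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is Watadot Aws Iam free?
Yes, Watadot Aws Iam is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Watadot Aws Iam support?
Watadot Aws Iam is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Watadot Aws Iam?
It is developed and maintained by ordiy (@ordiy); the current version is v1.0.0.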