
Iam Policy Auditor — Skill Tool

v1.0.0

[Auto-translated] Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations

by @anmolnagpal (Anmol Nagpal)·MIT-0
License
MIT-0
Last updated
2026/3/1
Security scan
VirusTotal
Harmless
OpenClaw
Safe
medium confidence
The skill's instructions match its stated purpose (analyzing IAM policy JSON and producing findings/remediations) and it requests no credentials or installs, but there are small ambiguities about whether it expects to fetch policies from an account or run shell commands.
Recommendations
This skill looks coherent for auditing IAM policy JSON as long as you supply the policies yourself. Before installing or running it: (1) Do not provide AWS credentials unless you explicitly want the skill to fetch live account attachments—ask the developer how the skill obtains policies. (2) If the skill asks to run shell commands (the SKILL.md lists "bash"), avoid granting shell access or providing files from your system; instead paste the policy JSON directly. (3) Treat the generated...
Detailed analysis
Purpose and capabilities
The name and description (IAM policy auditing) align with the SKILL.md: parse policy JSON, flag dangerous patterns, map to MITRE ATT&CK, and produce least-privilege replacements. The skill declares no required credentials or installs, which is coherent if the user supplies the IAM policy JSON to be audited. One minor oddity: the SKILL.md header lists tools: "claude, bash" — if the implementation actually executes bash or attempts to call remote models to fetch policies, that would require additional permissions/credentials which are not declared.
Instruction scope
The runtime instructions focus on parsing provided IAM policy JSON and producing findings and remediation; they do not instruct reading arbitrary files, environment variables, or contacting external endpoints. However, a few items imply account-level checks (e.g., "flag policies attached to EC2 instance profiles", "recommend enabling IAM Access Analyzer if not active") which would require querying AWS account state. The SKILL.md does not describe how to obtain those artifacts (user paste vs. using AWS credentials). That ambiguity should be clarified before giving the skill access to an AWS account or letting it run shell commands.
Installation mechanism
No install spec and no code files are present (instruction-only). This is low-risk: nothing will be written to disk or automatically installed by the skill itself.
Credential requirements
The skill declares no required environment variables or primary credentials, which is proportionate for an analysis that works from user-provided policy JSON. If the skill later asks for AWS credentials to fetch attached resources or to check account configuration, that would be an escalation and should be explicitly declared and justified.
Persistence and permissions
always is false and there is no installation step that requests persistent presence. The skill is user-invocable and not forced into every agent run, which is appropriate for a tool that performs security audits on demand.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify and redistribute, with no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/3/1

Initial release of aws-iam-policy-auditor skill.

  • Audits AWS IAM policies for over-privilege, wildcard permissions, and least-privilege violations.
  • Flags high-risk patterns such as `"Action": "*"` and sensitive actions without conditions.
  • Maps identified risks to MITRE ATT&CK Cloud techniques.
  • Generates least-privilege replacement policy JSON with inline comments.
  • Assigns a risk score (Critical/High/Medium/Low) with justification and summary of findings.
  • Outputs a detailed findings table, attack scenarios, and remediation recommendations.
  • Recommends enabling IAM Access Analyzer if not already active.

● Harmless

Install command

Official: npx clawhub@latest install iam-policy-auditor
Mirror (accelerated): npx clawhub@latest install iam-policy-auditor --registry https://cn.clawhub-mirror.com

Skill documentation

You are an AWS IAM security expert. IAM misconfiguration is the #1 AWS breach vector.

Steps

  • Parse IAM policy JSON — identify all actions, resources, and conditions
  • Flag dangerous patterns (wildcards, admin-equivalent, no conditions)
  • Map to real attack scenarios using MITRE ATT&CK Cloud
  • Generate least-privilege replacement policy
  • Score overall risk level

Dangerous Patterns to Flag

  • "Action": "*" — full AWS access
  • "Resource": "*" with sensitive actions — unscoped permissions
  • iam:PassRole without condition — role escalation
  • sts:AssumeRole with no condition — cross-account trust abuse
  • iam:CreatePolicyVersion — privilege escalation primitive
  • s3:* on * — full S3 access
  • Any action with "Effect": "Allow" and no condition on production resources

Output Format

  • Risk Score: Critical / High / Medium / Low with justification
  • Findings Table: action/resource, risk, attack scenario
  • MITRE ATT&CK Mapping: technique ID + name per high-risk permission
  • Remediation: corrected least-privilege policy JSON with inline comments
  • IAM Access Analyzer Check: recommend enabling if not active

Rules

  • Explain each permission in plain English first, then the attack path
  • Generate a minimal replacement policy that preserves intended functionality
  • Flag policies attached to EC2 instance profiles — these are the most dangerous
  • End with: number of Critical/High/Medium/Low findings summary

Data source: ClawHub ↗ · Chinese localization: 龙虾技能库