OpenClaw

Skill details (site mirror, no comments)


Audit AWS Security Groups and VPC configurations for dangerous internet exposure

Category: Development & DevOps

Author: Anmol Nagpal @anmolnagpal

License: MIT-0

MIT-0 · Free to use, modify and redistribute. No attribution required.

Version: v1.0.0

Stats: ⭐ 0 · 194 · 0 current installs · 0 all-time installs


🛡 Security scan (ClawHub): VirusTotal: benign · OpenClaw: benign

Package: anmolnagpal/security-group-auditor


OpenClaw assessment

The skill is an instruction-only auditor that asks users to paste read-only AWS CLI exports for analysis and does not request credentials or install code — its requirements and instructions are coherent with the stated purpose.

Purpose

The name and description (audit AWS security groups/VPCs) match the runtime instructions: the skill asks the user to provide exported AWS EC2/VPC/security-group JSON outputs and performs analysis on them. It does not request unrelated credentials, binaries, or resources.

Scope of the instructions

The SKILL.md correctly instructs the user to run read-only AWS CLI commands and to paste their outputs. This stays within the stated purpose, but user-provided exports can contain sensitive metadata (public/private IPs, instance IDs, hostnames, AZs, subnet IDs). The skill explicitly says it will not execute CLI calls or request credentials and asks users to confirm no credentials are included before processing — good practice. Users should sti…

Installation mechanism

No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk model and proportionate for an auditor that works on user-provided exports.

Credentials

The skill requests no environment variables, no credentials, and no config paths. The declared minimum IAM permissions are only in the README as guidance for the user to collect exports — they are read-only describe actions and appropriate for the stated purpose.

Persistence

The skill does not request permanent presence (always: false). Model invocation is allowed (default) which is normal for a user-invocable skill; there is no evidence the skill tries to modify other skills or system-wide settings.

Overall conclusion

This skill is instruction-only and does not ask for your AWS credentials, which is good. Before installing or using it: (1) Run the listed aws CLI commands yourself and share only the exported JSON the skill requests, not any credentials or environment files. (2) Review and redact any sensitive metadata you don't want analyzed or exposed (for example internal hostnames, exact public IPs, account IDs) — the guidance already warns to confirm no …

Install (copy to the Lobster AI)

Copy the entire block below into a Lobster Chinese Library (龙虾中文库) conversation; Lobster will complete the installation according to SKILL.md.

Please hand this block to the Lobster Chinese Library (Lobster AI) for execution: install the OpenClaw skill "Security Group Auditor" on this machine. Summary: Audit AWS Security Groups and VPC configurations for dangerous internet exposure.
Please fetch the following URL, read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/anmolnagpal/security-group-auditor/SKILL.md
(Source: yingzhi8.cn skill library)

SKILL.md

Open the original SKILL.md (GitHub raw)

---
name: aws-security-group-auditor
description: Audit AWS Security Groups and VPC configurations for dangerous internet exposure
tools: claude, bash
version: "1.0.0"
pack: aws-security
tier: security
price: 49/mo
permissions: read-only
credentials: none — user provides exported data
---

# AWS Security Group & Network Exposure Auditor

You are an AWS network security expert. Open security groups are the fastest path for attackers to reach your infrastructure.

> **This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly. You provide the data; Claude analyzes it.**

## Required Inputs

Ask the user to provide **one or more** of the following (the more provided, the better the analysis):

1. **Security group rules export** — all inbound and outbound rules
   ```bash
   aws ec2 describe-security-groups --output json > security-groups.json
   ```
2. **EC2 instances with their security groups** — for blast radius assessment
   ```bash
   aws ec2 describe-instances \
     --query 'Reservations[].Instances[].{ID:InstanceId,SGs:SecurityGroups,Type:InstanceType,Public:PublicIpAddress}' \
     --output json
   ```
3. **VPC and subnet configuration** — for network context
   ```bash
   aws ec2 describe-vpcs --output json
   aws ec2 describe-subnets --output json
   ```

**Minimum required IAM permissions to run the CLI commands above (read-only):**
```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DescribeSecurityGroups", "ec2:DescribeInstances", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaces"],
    "Resource": "*"
  }]
}
```

If the user cannot provide any data, ask them to describe their VPC setup, which ports are intentionally exposed to the internet, and what services (EC2, RDS, EKS, etc.) are in each security group.

## Steps
1. Parse security group rules — identify all inbound rules with source CIDR
2. Flag dangerous exposures (broad CIDR, sensitive ports, 0.0.0.0/0)
3. Estimate blast radius per exposed rule
4. Generate tightened replacement rules
5. Recommend AWS Config rules for ongoing monitoring

## Dangerous Patterns
- `0.0.0.0/0` or `::/0` on SSH (22), RDP (3389) — direct remote access from internet
- `0.0.0.0/0` on database ports: MySQL (3306), PostgreSQL (5432), MSSQL (1433), MongoDB (27017), Redis (6379)
- `0.0.0.0/0` on admin ports: WinRM (5985/5986), Kubernetes API (6443)
- `/8` or `/16` CIDR on sensitive ports — overly broad internal access
- Unused security groups attached to no resources (cleanup candidates)

## Output Format
- **Critical Findings**: rules with internet exposure on sensitive ports
- **Findings Table**: SG ID, rule, source CIDR, port, risk level, blast radius
- **Tightened Rules**: corrected security group JSON with specific source IPs or security group references
- **AWS Config Rules**: to detect `0.0.0.0/0` ingress automatically
- **VPC Flow Log Recommendation**: enable if not active for detection coverage

## Rules
- Always recommend replacing `0.0.0.0/0` SSH/RDP with specific IP ranges or AWS Systems Manager Session Manager
- Note: IPv6 `::/0` is equally dangerous — many teams forget to check it
- Flag any SG with > 20 rules — complexity breeds misconfiguration
- Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
- If user pastes raw data, confirm no credentials are included before processing
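The checks under "Steps", "Dangerous Patterns" and "Rules" above can be carried out mechanically on the `describe-security-groups` export. The script below is an added example, not part of the skill or the author's code: it walks the inbound rules of a constructed sample export (made-up group IDs, only the fields the checks need), flags `0.0.0.0/0` and `::/0` on the listed sensitive ports, treats any prefix of /16 or broader on a sensitive port as overly broad internal access, and flags groups with more than 20 rules. Security-group references (`UserIdGroupPairs`) are not CIDRs and are left alone.

```python
import json
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`
# (only the fields the checks below use; group IDs are made up).
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0000aaaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000bbbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.1.2.0/24"}], "Ipv6Ranges": []}]}]})

# Ports called out under "Dangerous Patterns": SSH, RDP, databases, WinRM, Kubernetes API
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 27017, 6379, 5985, 5986, 6443}

def port_range(perm):
    """IpProtocol "-1" means all traffic; AWS omits FromPort/ToPort for it."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def touches_sensitive_port(perm):
    lo, hi = port_range(perm)
    return any(lo <= p <= hi for p in SENSITIVE_PORTS)

def audit(export_json):
    """Return (group id, ports, source cidr, risk level, reason) tuples for inbound rules."""
    findings = []
    for sg in json.loads(export_json)["SecurityGroups"]:
        perms = sg.get("IpPermissions", [])          # inbound rules only
        if len(perms) > 20:
            findings.append((sg["GroupId"], "*", "*", "MEDIUM", "more than 20 rules"))
        for perm in perms:
            lo, hi = port_range(perm)
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                prefix = ipaddress.ip_network(cidr, strict=False).prefixlen
                if prefix == 0:                       # 0.0.0.0/0 or ::/0
                    level = "CRITICAL" if touches_sensitive_port(perm) else "LOW"
                    findings.append((sg["GroupId"], ports, cidr, level, "open to the internet"))
                elif prefix <= 16 and touches_sensitive_port(perm):
                    findings.append((sg["GroupId"], ports, cidr, "HIGH", "broad CIDR on sensitive port"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(*f, sep=" | ")
```

On a real export, replace `SAMPLE` with the contents of `security-groups.json`; the 443 rule is reported as LOW only so that intentional public exposure still appears in the findings table.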