aws-security-group-auditor
Audit AWS Security Groups and VPC configurations for dangerous internet exposure
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anmolnagpal/security-group-auditor
What This Skill Does
The AWS Security Group & Network Exposure Auditor is a security analysis tool that helps cloud engineers and security professionals identify dangerous network configurations. Unlike tools that modify your infrastructure, this skill acts as a static analysis engine: it takes JSON you have exported from your AWS environment (for example the output of describe-security-groups and describe-instances) and checks each security group's inbound and outbound rules against least-privilege best practices. It flags overly permissive rules, such as administrative access (SSH, RDP) or database ports exposed to the entire internet (0.0.0.0/0, and the IPv6 equivalent ::/0 that is easy to overlook), and suggests granular, least-privilege alternatives such as referencing a source security group instead of a CIDR block. Combined with an instance report, it lets you map your attack surface and understand the blast radius of a misconfigured or compromised security group.
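The following is an added example of the kind of check described above, written for this page rather than taken from the skill itself. It reads the JSON shape that `aws ec2 describe-security-groups --output json` produces (a top-level "SecurityGroups" list) and reports every rule that exposes a sensitive port to 0.0.0.0/0 or ::/0, including "all traffic" rules (IpProtocol "-1") and wide port ranges that happen to cover a sensitive port. The sample export, the group IDs and the port list are constructed for the example; the port list is an assumption you should tune to your environment.

```python
"""Flag security-group ingress rules that expose sensitive ports to the internet.

Added example, not the skill's own code. Input is the JSON printed by
`aws ec2 describe-security-groups --output json`. SAMPLE below is constructed
for this example; the group IDs and names are placeholders, not real resources.
"""
import json

# Assumption: ports whose exposure to the whole internet is almost always a finding.
SENSITIVE_PORTS = {
    22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
    1433: "MSSQL", 6379: "Redis", 27017: "MongoDB", 9200: "Elasticsearch",
}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "anywhere"

SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "bastion", "VpcId": "vpc-0example",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0db00001", "GroupName": "db", "VpcId": "vpc-0example",
     "IpPermissions": [
         # Good: MySQL only from a source security group, no CIDR at all.
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0a9900aa", "UserId": "123456789012"}]},
         # Bad: "all traffic" from every IPv6 address; FromPort/ToPort are absent.
         {"IpProtocol": "-1",
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0aeb0002", "GroupName": "web", "VpcId": "vpc-0example",
     "IpPermissions": [
         # Expected for a public web tier: HTTPS from anywhere is not a finding here.
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]})


def world_open_sources(perm):
    """CIDRs in one IpPermission that mean 'the whole internet' (v4 or v6)."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in WORLD_CIDRS]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD_CIDRS]
    return v4 + v6


def sensitive_ports_in(perm):
    """Sensitive ports covered by an IpPermission; IpProtocol "-1" covers everything."""
    if perm.get("IpProtocol") == "-1":
        return sorted(SENSITIVE_PORTS)
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:   # no port range on the rule: nothing to match
        return []
    return sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)


def audit(export_json):
    """Return one finding per (group, port) that is open to the internet, worst first."""
    findings = []
    for sg in json.loads(export_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = world_open_sources(perm)
            if not sources:
                continue
            for port in sensitive_ports_in(perm):
                findings.append({
                    "group": sg["GroupId"], "name": sg["GroupName"],
                    "port": port, "service": SENSITIVE_PORTS[port], "sources": sources,
                    # Least-privilege suggestion: a source group or a /32 instead of a CIDR.
                    "fix": (f"replace {', '.join(sources)} with a source security group "
                            f"(or a /32 jump-host range) for {SENSITIVE_PORTS[port]}/{port}"),
                })
    # Remediation order from the page: admin ports (SSH/RDP) first, then database ports.
    admin = {22, 3389}
    findings.sort(key=lambda f: (f["port"] not in admin, f["port"], f["group"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['group']} ({f['name']}): {f['service']}/{f['port']} "
              f"open to {', '.join(f['sources'])} -> {f['fix']}")
```

Two details matter in practice: the "-1" all-traffic rule has no FromPort/ToPort, so a checker that only compares port numbers silently misses it, and a rule on 0-65535 counts as exposing every sensitive port even though no single port appears in the rule. Security groups are regional, so run the export (and this check) once per region you use.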
Installation
To integrate this skill into your environment, use the OpenClaw CLI provided with your installation package. Run the following command in your terminal:
clawhub install openclaw/skills/skills/anmolnagpal/security-group-auditor
Ensure that you have the read-only IAM permissions needed to export the data for analysis (ec2:DescribeSecurityGroups, ec2:DescribeInstances, ec2:DescribeVpcs, ec2:DescribeSubnets). Security groups are regional resources, so export every region you use, not just your default one.
Use Cases
- Routine Security Audits: Regularly scan your VPC to catch manual configuration mistakes made by team members during ad-hoc troubleshooting.
- Compliance Preparation: Quickly identify non-compliant ingress rules before a formal security audit or SOC2 review.
- Incident Response Context: Quickly map which instances are exposed to the public internet when a specific security group is compromised.
- Refactoring Network Access: Transitioning from broad CIDR ranges to Security Group-based referencing to improve internal network segmentation.
Example Prompts
- "Here is my security-groups.json export. Please analyze my current inbound rules and list any that are exposed to 0.0.0.0/0 on sensitive ports like 22 or 3306."
- "I have attached my EC2 instance report. Based on these assignments, what is the blast radius if the security group 'sg-0a1b2c3d' is compromised?"
- "My security audit flagged several rules as dangerous. Can you help me rewrite these to use specific internal IP ranges instead of wide CIDR blocks?"
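The second prompt above asks for a blast radius. As an added example (not the skill's own logic), the code below answers it from two exports, the describe-security-groups JSON and the describe-instances JSON: it lists the instances that carry the compromised group (the footholds), then walks UserIdGroupPairs references to find every other group that accepts ingress from those footholds, transitively, and the instances behind them. Both exports are constructed for the example and every ID is a placeholder.

```python
"""Blast radius of a compromised security group from two AWS exports.

Added example, not the skill's own code. SG_EXPORT mimics
`aws ec2 describe-security-groups` output and INSTANCE_REPORT mimics
`aws ec2 describe-instances` output; both are constructed for this example
and every ID is a placeholder.
"""
import json
from collections import deque

SG_EXPORT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "bastion",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    # app accepts SSH only from the bastion group (a group reference, not a CIDR)
    {"GroupId": "sg-0aaa0001", "GroupName": "app",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]}]},
    # db accepts PostgreSQL only from the app group
    {"GroupId": "sg-0aaa0002", "GroupName": "db",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa0001"}]}]},
    # isolated has no ingress at all
    {"GroupId": "sg-0aaa0003", "GroupName": "isolated", "IpPermissions": []},
]})

INSTANCE_REPORT = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0ba5700001", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-0a1b2c3d"}]},
    {"InstanceId": "i-0a99000001", "SecurityGroups": [{"GroupId": "sg-0aaa0001"}]},
    {"InstanceId": "i-0a99000002", "SecurityGroups": [{"GroupId": "sg-0aaa0001"}]},
    {"InstanceId": "i-0db0000001", "SecurityGroups": [{"GroupId": "sg-0aaa0002"}]},
    {"InstanceId": "i-0150000001", "SecurityGroups": [{"GroupId": "sg-0aaa0003"}]},
]}]})


def ingress_graph(sg_export):
    """Map source group -> {(destination group, (from, to))} built from UserIdGroupPairs.

    An edge src -> dst means "members of src may open connections to members of dst"
    on the given port range; ("all", "all") stands for an IpProtocol "-1" rule.
    """
    edges = {}
    for sg in json.loads(sg_export)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":
                ports = ("all", "all")
            else:
                ports = (perm.get("FromPort"), perm.get("ToPort"))
            for pair in perm.get("UserIdGroupPairs", []):
                edges.setdefault(pair["GroupId"], set()).add((sg["GroupId"], ports))
    return edges


def instances_by_group(instance_report):
    """Map group id -> [(instance id, public IP or None)]."""
    members = {}
    for res in json.loads(instance_report)["Reservations"]:
        for inst in res["Instances"]:
            for sg in inst.get("SecurityGroups", []):
                members.setdefault(sg["GroupId"], []).append(
                    (inst["InstanceId"], inst.get("PublicIpAddress")))
    return members


def blast_radius(compromised, sg_export, instance_report):
    """Footholds in the compromised group plus everything reachable via group references."""
    edges = ingress_graph(sg_export)
    members = instances_by_group(instance_report)
    reachable = {}                    # group -> first hop that reached it and the ports
    seen, queue = {compromised}, deque([compromised])
    while queue:                      # BFS so "via" records the shortest path
        src = queue.popleft()
        for dst, ports in edges.get(src, ()):
            if dst not in seen:
                seen.add(dst)
                reachable[dst] = {"via": src, "ports": ports}
                queue.append(dst)
    return {
        "footholds": members.get(compromised, []),
        "reachable_groups": reachable,
        "reachable_instances": {g: members.get(g, []) for g in reachable},
    }


if __name__ == "__main__":
    print(json.dumps(blast_radius("sg-0a1b2c3d", SG_EXPORT, INSTANCE_REPORT), indent=2))
```

The graph only encodes what security groups permit; it does not know about network ACLs, route tables, or whether a listener is actually running, so treat the result as an upper bound on what an attacker in the compromised group can reach, and a lower bound on nothing.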
Tips & Limitations
This skill is an instruction-based analysis tool. It does not observe live traffic or analyze VPC Flow Logs; it only analyzes the point-in-time snapshot you provide, so rules that have changed since the export, or regions you did not export, are invisible to it. For the most accurate results, ensure your exported data is up-to-date and complete. Always prioritize the remediation of rules granting 0.0.0.0/0 (or ::/0) access to administrative and database ports before addressing lower-risk items.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anmolnagpal-security-group-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags: AI
Related Skills
aws-compliance-analyzer
Map AWS environment against CIS, SOC 2, HIPAA, or PCI-DSS controls with prioritized remediation
aws-terraform-security-reviewer
Review Terraform plans and HCL files for AWS security misconfigurations before deployment
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-tagging-auditor
Audit AWS resource tagging compliance and identify unallocatable spend for FinOps teams
gcp-bigquery-optimizer
Analyze BigQuery query patterns and storage to dramatically reduce the