azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anmolnagpal/storage-exposure-auditor
What This Skill Does
The Azure Storage & Blob Exposure Auditor is a specialized diagnostic skill for OpenClaw designed to help security teams identify and remediate data exposure vulnerabilities within Microsoft Azure environments. Public blob containers represent one of the most frequent vectors for data breaches. This skill analyzes your Azure infrastructure configuration to pinpoint misconfigurations that could lead to unauthorized data access. By ingesting metadata from your storage accounts—such as network rules, public access settings, and blob-level permissions—it creates a comprehensive security posture report. It does not perform any changes to your infrastructure or store credentials; it serves as an analytical layer for security best practices.
Installation
To integrate this auditing capability into your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/anmolnagpal/storage-exposure-auditor
Use Cases
- Compliance Auditing: Automatically verify if all storage accounts in production comply with organizational policies, such as the requirement for HTTPS traffic and private endpoints.
- Threat Mitigation: Quickly assess the blast radius of a potentially public container found during a penetration test.
- Hardening Strategy: Use the generated Bicep and ARM templates to systematically remediate insecure configurations at scale.
- Ransomware Preparedness: Audit storage accounts for missing soft delete or versioning features that are critical for recovering data after an attack.
Example Prompts
- "I have attached my storage account list and container audit logs. Which ones are publicly exposed to the internet and what is the data sensitivity risk?"
- "Review my storage account network rules. Are there any accounts missing private endpoints that should be restricted to our VNet?"
- "Please generate a hardening policy using Bicep for all my storage accounts that currently allow public blob access."
Tips & Limitations
This skill is strictly an instruction-based analytical tool and does not execute Azure CLI commands directly against your subscription. To maximize accuracy, ensure that the data you provide includes both account-level configuration (e.g., allowBlobPublicAccess) and container-level settings. For the best security outcomes, combine these findings with Azure Policy to enforce 'deny' rules across your subscriptions, ensuring that misconfigurations cannot be introduced in the future. Always rotate your shared access keys regularly as per the recommended 90-day cycle.
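Why both levels of input matter, as an added example that is not part of the skill's own code: a container's public ACL only results in exposure when the account-level allowBlobPublicAccess setting permits it, and network rules then decide how far that exposure reaches. The account and container records are constructed samples whose field names are assumed to follow Azure CLI JSON output; the severity labels are this example's own.

```python
import json

# Constructed sample data, not real accounts. Field names are modelled on
# `az storage account list` / `az storage container list` JSON (assumed shape).
ACCOUNTS = json.loads("""[
  {"name": "stprodlogs", "allowBlobPublicAccess": true,
   "enableHttpsTrafficOnly": true, "networkRuleSet": {"defaultAction": "Allow"}},
  {"name": "stfinance", "allowBlobPublicAccess": false,
   "enableHttpsTrafficOnly": true, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "stlegacy", "allowBlobPublicAccess": null,
   "enableHttpsTrafficOnly": false, "networkRuleSet": {"defaultAction": "Deny"}}
]""")
CONTAINERS = json.loads("""{
  "stprodlogs": [{"name": "exports", "properties": {"publicAccess": "container"}},
                 {"name": "raw", "properties": {"publicAccess": null}}],
  "stfinance":  [{"name": "reports", "properties": {"publicAccess": "blob"}}],
  "stlegacy":   [{"name": "backups", "properties": {"publicAccess": "blob"}}]
}""")

def audit(accounts, containers):
    """Return (account, container, severity, reason) tuples."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        # An unset (null) account flag is audited as "allowed": a conservative
        # choice made by this example.
        anon_allowed = acct.get("allowBlobPublicAccess") is not False
        rules = acct.get("networkRuleSet") or {}
        open_network = rules.get("defaultAction", "Allow") == "Allow"
        if not acct.get("enableHttpsTrafficOnly"):
            findings.append((name, None, "MEDIUM", "HTTP traffic is permitted"))
        for c in containers.get(name, []):
            level = ((c.get("properties") or {}).get("publicAccess") or "none").lower()
            if level == "none":
                continue  # private container
            if not anon_allowed:
                sev, why = "INFO", "public ACL overridden by account-level setting"
            elif open_network:
                sev, why = "CRITICAL", f"anonymous {level} access from any network"
            else:
                sev, why = "HIGH", f"anonymous {level} access, limited only by network rules"
            findings.append((name, c["name"], sev, why))
    return findings

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, CONTAINERS):
        print(*finding, sep=" | ")
```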
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anmolnagpal-storage-exposure-auditor": {
      "enabled": true,
      "auto_update": true
    }
  }
}