auditclaw-azure
Azure compliance evidence collection for auditclaw-grc. 12 read-only checks across storage, NSG, Key Vault, SQL, compute, App Service, and Defender for Cloud.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/mailnike/auditclaw-azure
AuditClaw Azure
Companion skill for auditclaw-grc. Collects compliance evidence from Azure subscriptions using read-only API calls.
12 checks | Reader + Security Reader roles only | Evidence stored in shared GRC database
Security Model
- Read-only access: Requires only Reader + Security Reader roles (subscription-level). No write/modify permissions.
- Credentials: Uses DefaultAzureCredential (service principal env vars, az login, or managed identity). No credentials stored by this skill.
- Dependencies: Azure SDK packages (all pinned in requirements.txt)
- Data flow: Check results stored as evidence in ~/.openclaw/grc/compliance.sqlite via auditclaw-grc
Prerequisites
- Azure credentials configured (service principal or az login)
- pip install -r scripts/requirements.txt
- auditclaw-grc skill installed and initialized
Commands
- "Run Azure evidence sweep": Run all checks, store results in GRC database
- "Check Azure storage security": Run storage-specific checks
- "Check Azure network security": Run NSG checks
- "Check Azure Key Vault": Run Key Vault checks
- "Check Azure SQL compliance": Run SQL Server checks
- "Check Azure VM encryption": Run compute checks
- "Check Azure App Service": Run App Service checks
- "Check Azure Defender": Run Defender for Cloud checks
- "Show Azure integration health": Last sync, errors, evidence count
Usage
All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite via the auditclaw-grc skill's db_query.py script.
To run a full evidence sweep:
python3 scripts/azure_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --all
To run specific checks:
python3 scripts/azure_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --checks storage,network,keyvault
To list available checks:
python3 scripts/azure_evidence.py --list-checks
Check Categories (7 files, 12 findings)
| Check | What It Verifies |
|---|---|
| storage | HTTPS-only transfer, TLS 1.2+, public blob access disabled, network default deny |
| network | NSG no unrestricted SSH (port 22), no unrestricted RDP (port 3389) |
| keyvault | Soft delete + purge protection enabled |
| sql | Server auditing enabled, TDE encryption on all databases |
| compute | VM disk encryption (encryption at host) |
| appservice | HTTPS-only + TLS 1.2+ |
| defender | Defender plans enabled (Standard tier) for critical resource types |
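The network row above, as an added example (not code from auditclaw-azure): one way to evaluate NSG security rules for unrestricted SSH/RDP, offline, over rule dictionaries shaped like the Azure securityRules properties. The function names and the sample rules are assumptions constructed for illustration.

```python
# Added example, not auditclaw-azure code; rule dicts mirror Azure NSG rule "properties".
ANY_SOURCE = {"*", "0.0.0.0/0", "::/0", "internet"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _values(props, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    merged = list(props.get(plural) or [])
    if props.get(single):
        merged.append(props[single])
    return merged


def _covers(port_spec, port):
    """True if a port spec ('*', '22', '20-25') includes the given port."""
    low, _, high = port_spec.partition("-")
    return port_spec == "*" or int(low) <= port <= int(high or low)


def unrestricted_admin_rules(rules):
    """Return (rule name, service) for inbound Allow rules open to any source."""
    findings = []
    for rule in rules:
        p = rule["properties"]
        if p["direction"].lower() != "inbound" or p["access"].lower() != "allow":
            continue
        if p.get("protocol", "*").lower() not in ("*", "tcp"):
            continue
        sources = _values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        specs = _values(p, "destinationPortRange", "destinationPortRanges")
        for port, service in ADMIN_PORTS.items():
            if any(_covers(spec, port) for spec in specs):
                findings.append((rule["name"], service))
    return findings


SAMPLE_RULES = [  # constructed sample data, not from a real subscription
    {"name": "allow-ssh-any", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
    {"name": "allow-range", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefixes": ["0.0.0.0/0"], "destinationPortRanges": ["3000-4000"]}},
    {"name": "ssh-from-office", "properties": {"direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"}},
    {"name": "deny-rdp", "properties": {"direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
]
```

Each rule is judged on its own here; priority ordering is ignored, so a higher-priority Deny that shadows a flagged Allow still produces a finding and needs manual review.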
Authentication
Uses DefaultAzureCredential from azure-identity. Supports:
- Service principal: AZURE_CLIENT_ID + AZURE_TENANT_ID + AZURE_CLIENT_SECRET
- Azure CLI: az login
- Managed identity (when running in Azure)
Minimum roles: Reader + Security Reader (subscription-level)
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-mailnike-auditclaw-azure": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Related Skills
auditclaw-aws
AWS compliance evidence collection for auditclaw-grc. 15 read-only checks across S3, IAM, CloudTrail, VPC, KMS, EC2, RDS, Lambda, EBS, SQS, SNS, Secrets Manager, Config, GuardDuty, and Security Hub.
erpclaw
AI-native ERP for small business. 29 modules, 609 actions. Install this meta-package to get started.
webclaw
Web dashboard for OpenClaw. Browser-based UI for any installed skill. Schema-driven rendering, JWT auth, RBAC, AI chat, real-time updates. Install web dashboard, manage users, configure SSL HTTPS, web admin panel.
auditclaw-grc
AI-native GRC (Governance, Risk, and Compliance) for OpenClaw. 97 actions across 13 frameworks including SOC 2, ISO 27001, HIPAA, GDPR, NIST CSF, PCI DSS, CIS Controls, CMMC, HITRUST, CCPA, FedRAMP, ISO 42001, and SOX ITGC. Manages controls, evidence, risks, policies, vendors, incidents, assets, training, vulnerabilities, access reviews, and questionnaires. Generates compliance scores, reports, dashboards, and trust center pages. Runs security header, SSL, and GDPR scans. Connects to AWS, Azure, GCP, GitHub, and identity providers via companion skills.
auditclaw-github
GitHub compliance evidence collection for auditclaw-grc. 9 read-only checks covering branch protection, secret scanning, 2FA, Dependabot, deploy keys, audit logs, webhooks, CODEOWNERS, and CI/CD security.