aws-security-scanner
Scan AWS accounts for security misconfigurations and vulnerabilities. Use when user asks to audit AWS security, check for misconfigurations, find exposed S3 buckets, review IAM policies, check security groups, audit CloudTrail, or run AWS security checks. Covers S3, IAM, EC2, RDS, CloudTrail, and common CIS benchmarks.
Why use this skill?
Automate AWS security audits with the OpenClaw AWS Security Scanner. Identify public S3 buckets, insecure IAM policies, and open security groups to harden your cloud infrastructure.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/spclaudehome/aws-security-scanner
What This Skill Does
The aws-security-scanner skill provides an automated, scriptable interface for conducting security audits within your AWS environment. By leveraging the AWS CLI, it systematically inspects critical infrastructure components to identify misconfigurations that could lead to data exposure or unauthorized access. It focuses on the most common attack vectors, including publicly accessible S3 buckets, overly permissive IAM policies, stale credentials, insecure security group configurations (such as open SSH/RDP ports), and the status of audit trails via CloudTrail. This tool acts as a proactive defense mechanism, allowing developers and system administrators to quickly surface risks that might otherwise go unnoticed in complex cloud setups.
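As an added illustration, not code shipped with the skill, here is a standalone Python check for one of the findings described above: it parses the JSON that `aws ec2 describe-security-groups --output json` returns and flags inbound rules that expose SSH or RDP to 0.0.0.0/0 or ::/0, including port ranges that cover those ports and all-traffic (`-1`) rules. The security groups and IDs in the sample are constructed.

```python
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` emits
# (only the fields this check reads are included; group IDs are made up).
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "win-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "wide-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ddd", "GroupName": "office-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]})

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def open_admin_ports(describe_output):
    """Return (group_id, service, cidr) for every inbound rule that exposes
    SSH or RDP to the whole internet over IPv4 or IPv6."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            exposed = [c for c in cidrs if c in ANYWHERE]
            if not exposed:
                continue
            # IpProtocol "-1" means all protocols; FromPort/ToPort are absent.
            if rule["IpProtocol"] == "-1":
                hit_ports = list(ADMIN_PORTS)
            elif rule["IpProtocol"] in ("tcp", "6"):
                lo, hi = rule["FromPort"], rule["ToPort"]
                hit_ports = [p for p in ADMIN_PORTS if lo <= p <= hi]
            else:
                continue  # UDP/ICMP rules cannot expose SSH or RDP
            for cidr in exposed:
                for port in hit_ports:
                    findings.append((sg["GroupId"], ADMIN_PORTS[port], cidr))
    return findings


if __name__ == "__main__":
    for gid, svc, cidr in open_admin_ports(SAMPLE):
        print(f"{gid}: {svc} open to {cidr}")
```

Against real output, pipe the CLI result into `open_admin_ports` instead of `SAMPLE`; the office-only group shows why the check keys on the CIDR rather than the port alone.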
Installation
To integrate this skill into your environment, run the following command in your terminal:
clawhub install openclaw/skills/skills/spclaudehome/aws-security-scanner
Ensure your terminal session has active AWS credentials configured via aws configure or an appropriate IAM execution role, as the tool inherits the permissions of the authenticated user to perform these read-only security checks.
Use Cases
This skill is ideal for:
- Regular Security Audits: Automate weekly compliance checks to ensure infrastructure adheres to CIS benchmarks.
- Incident Response: Quickly verify if an S3 bucket has been accidentally opened to the public during a breach investigation.
- IAM Hardening: Identify users lacking MFA or clean up dormant access keys that pose a security risk.
- Infrastructure Review: Quickly validate that production security groups are restricted to necessary IP ranges.
- Compliance Reporting: Generate snapshots of CloudTrail status and logging validation for audit documentation.
Example Prompts
- "Run a full security audit on my AWS account and flag any public S3 buckets or open security groups."
- "Check my IAM users for those without MFA enabled and identify any access keys older than 90 days."
- "Is CloudTrail enabled and properly configured for log validation across all regions in my AWS account?"
Tips & Limitations
- Permissions: The tool requires sufficient ReadOnly access to your AWS resources. Ensure your execution role includes permissions like s3:GetBucketAcl, iam:ListUsers, and ec2:DescribeSecurityGroups.
- Cost: While most commands are read-only and generate minimal costs, frequent execution against very large environments may incur minor API usage fees.
- Scope: This skill provides a baseline audit. For enterprise-grade compliance, it should be used in conjunction with native AWS services like Security Hub or Amazon Inspector.
- Environment: This skill relies on the AWS CLI being pre-installed and authorized in the environment where the OpenClaw agent is running.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-spclaudehome-aws-security-scanner": {
"enabled": true,
"auto_update": true
}
}
}
Tags: AI
Flags: external-api, code-execution
Related Skills
crabnet
Interact with the CrabNet cross-agent collaboration registry. Use when discovering other agents' capabilities, registering your own capabilities, posting tasks for other agents, claiming/delivering work, or searching for agents who can help with specific skills. Enables agent-to-agent collaboration and task exchange.
skill-vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
slack-power-tools
Advanced Slack automation beyond basic messaging. Use when user needs to manage channels (create, archive, invite users), schedule messages, upload files, search workspace, manage user groups, set status/DND, get analytics, or automate Slack workflows. Covers channel ops, user management, scheduled messages, file uploads, search, and workspace analytics.