auditclaw-aws

AWS compliance evidence collection for auditclaw-grc. 15 read-only checks across S3, IAM, CloudTrail, VPC, KMS, EC2, RDS, Lambda, EBS, SQS, SNS, Secrets Manager, Config, GuardDuty, and Security Hub.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.


Install skill "auditclaw-aws" with this command: npx skills add mailnike/auditclaw-aws

AuditClaw AWS

Companion skill for auditclaw-grc. Collects compliance evidence from AWS accounts using read-only API calls.

15 checks | Read-only IAM policy | Evidence stored in shared GRC database

Security Model

  • Read-only access: Custom IAM policy with 43 read-only API actions. No write/modify/delete permissions.
  • Credentials: Uses standard AWS credential chain (aws configure, env vars, or IAM instance role). No credentials stored by this skill.
  • Dependencies: boto3==1.34.46 (pinned)
  • Data flow: Check results stored as evidence in ~/.openclaw/grc/compliance.sqlite via auditclaw-grc

Prerequisites

  • AWS credentials configured (aws configure or IAM instance role)
  • pip install -r scripts/requirements.txt
  • auditclaw-grc skill installed and initialized

Commands

  • "Run AWS evidence sweep": Run all checks, store results in GRC database
  • "Check S3 encryption": Run S3-specific checks
  • "Check IAM compliance": Run IAM-specific checks
  • "Check CloudTrail status": Verify CloudTrail configuration
  • "Check VPC security": Review VPC flow logs and security groups
  • "Show AWS integration health": Last sync, errors, evidence count

Usage

All evidence is stored in the shared GRC database at ~/.openclaw/grc/compliance.sqlite via the auditclaw-grc skill's db_query.py script.

To run a full evidence sweep:

python3 scripts/aws_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --all

To run specific checks:

python3 scripts/aws_evidence.py --db-path ~/.openclaw/grc/compliance.sqlite --checks iam,s3,cloudtrail

Check Categories (15)

Check               What It Verifies
iam                 Password policy, MFA enforcement, access key rotation, unused credentials
s3                  Default encryption, public access blocks, versioning, access logging
cloudtrail          Trail enabled, multi-region, log validation, S3 delivery
vpc                 Flow logs enabled, security group rules, NACL configuration
kms                 Key rotation enabled, key policies, key usage
ec2                 IMDSv2 enforcement, EBS encryption, public IP exposure
rds                 Storage encryption, automated backups, public accessibility
security_hub        Security Hub enabled, active findings by severity
guardduty           Detector enabled, active findings, threat intelligence
lambda              Runtime currency, public access, VPC attachment
cloudwatch          Log group retention policies, metric alarm coverage
config              Config recorder active, rule compliance status
eks_ecs             Container cluster encryption, logging, network policies
elb                 HTTPS listeners, WAF association, access logging
credential_report   Full IAM credential report analysis

Evidence Storage

Each check produces evidence items stored with:

  • source: "aws"
  • type: "automated"
  • control_id: Mapped to relevant SOC2/ISO/HIPAA controls
  • description: Human-readable finding summary
  • file_content: JSON details of the check result
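As an added example (not the skill's own code), the s3 row of the check table turned into evidence items of the shape listed above. The boto3 response dicts are constructed inline so it runs offline, and the control_id values are assumed placeholders, not the skill's real SOC2/ISO/HIPAA mapping.

```python
import json

# Assumed control mapping (placeholders; auditclaw-grc keeps the real SOC2/ISO/HIPAA mapping)
CONTROLS = {
    "public_access_block": "SOC2-CC6.6",
    "encryption": "SOC2-CC6.1",
    "versioning": "SOC2-A1.2",
    "access_logging": "SOC2-CC7.2",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def evidence_item(control, bucket, passed, details):
    """One evidence record: source / type / control_id / description / file_content (JSON)."""
    return {
        "source": "aws",
        "type": "automated",
        "control_id": CONTROLS[control],
        "description": f"s3/{control} {'PASS' if passed else 'FAIL'} for bucket {bucket}",
        "file_content": json.dumps({"bucket": bucket, "check": control, "passed": passed, **details},
                                   sort_keys=True),
    }

def evaluate_s3_bucket(bucket, pab, encryption_rules, versioning, logging):
    """Evaluate boto3-shaped responses for one bucket. A missing configuration (None or {})
    is a FAIL, mirroring the NotFound errors the corresponding get_* calls raise."""
    items = []
    flags = {f: bool(pab and pab.get(f)) for f in PAB_FLAGS}  # all four flags must be true
    items.append(evidence_item("public_access_block", bucket, all(flags.values()), {"flags": flags}))
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in (encryption_rules or [])]  # SSE-S3 (AES256) or SSE-KMS both count
    items.append(evidence_item("encryption", bucket, any(a in ("AES256", "aws:kms") for a in algos),
                               {"algorithms": algos}))
    status = (versioning or {}).get("Status")
    items.append(evidence_item("versioning", bucket, status == "Enabled", {"status": status}))
    target = (logging or {}).get("LoggingEnabled", {}).get("TargetBucket")
    items.append(evidence_item("access_logging", bucket, bool(target), {"target_bucket": target}))
    return items

# Constructed sample responses, in the shapes get_public_access_block / get_bucket_encryption
# ["Rules"] / get_bucket_versioning / get_bucket_logging return
SAMPLE = {
    "pab": {f: True for f in PAB_FLAGS},
    "encryption_rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}],
    "versioning": {"Status": "Suspended"},
    "logging": {},  # no LoggingEnabled key when access logging is off
}

def failed_controls(items):
    """Control ids of failing items, i.e. what a sweep would surface as findings."""
    return sorted(i["control_id"] for i in items if not json.loads(i["file_content"])["passed"])

if __name__ == "__main__":
    for item in evaluate_s3_bucket("example-bucket", **SAMPLE):
        print(item["description"])
```

In a live run the same function would be fed the responses of the four S3 get_* calls, with a NotFound ClientError translated to None.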

IAM Policy

See scripts/iam-policy.json for the minimum IAM permissions needed. Following the principle of least privilege, the policy grants read-only permissions only.

Setup Guide

When a user asks to set up AWS integration, guide them through these steps:

Step 1: Create IAM Policy

Direct the user to AWS Console → IAM → Policies → Create Policy → JSON tab. The exact policy is in scripts/iam-policy.json. Show it with:

python3 {baseDir}/../auditclaw-grc/scripts/db_query.py --action show-policy --provider aws

The policy contains 43 read-only API actions across 14 AWS services. No write/modify/delete permissions.

Step 2: Create IAM User

Name: auditclaw-scanner. Attach the AuditClawReadOnly policy. CLI: aws iam create-user --user-name auditclaw-scanner

Step 3: Generate Access Keys

Security Credentials → Create Access Key → CLI use case. CLI: aws iam create-access-key --user-name auditclaw-scanner

Step 4: Configure Credentials

Store credentials: aws configure or set AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY env vars.

Step 5: Verify Connection

Run:

python3 {baseDir}/scripts/aws_evidence.py --test-connection

This probes each AWS service and reports accessibility.

Do NOT recommend SecurityAudit or ViewOnlyAccess managed policies. They grant far more access than needed. Always use our custom policy from scripts/iam-policy.json.
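A check a practitioner would want before attaching the policy in Step 1: confirm that every Allow action in a policy document is read-only, so no write/modify/delete action or wildcard slips in. This is an added example, not the skill's code; the Get/List/Describe/Lookup verb allowlist and the single Generate action (needed by the credential_report check) are assumptions, and the sample documents are constructed, not scripts/iam-policy.json.

```python
import json
import re

# Assumed read-only allowlist: actions whose verb is Get/List/Describe/Lookup, plus the one
# generate call the credential report needs. Conservative on purpose; extend it only after
# checking the action's access level in the service's IAM action reference.
READ_ONLY_ACTION = re.compile(r"^[a-z0-9-]+:(Get|List|Describe|Lookup)[A-Za-z0-9]*\*?$")
EXPLICIT_READ_ONLY = {"iam:GenerateCredentialReport"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Check that a parsed IAM policy document grants only read-only actions.
    Returns the distinct Allow actions counted and every action not provably read-only."""
    violations, actions = set(), set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        if "NotAction" in stmt:  # NotAction allows everything not listed: never read-only
            violations.add("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
            continue
        for action in _as_list(stmt.get("Action", [])):
            actions.add(action)
            if not (READ_ONLY_ACTION.match(action) or action in EXPLICIT_READ_ONLY):
                violations.add(action)
    return {"read_only": not violations, "action_count": len(actions), "violations": sorted(violations)}

def audit_policy_file(path):
    with open(path, encoding="utf-8") as fh:
        return audit_policy(json.load(fh))

# Constructed sample documents (not the skill's scripts/iam-policy.json)
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["s3:GetBucketEncryption", "s3:GetBucketPublicAccessBlock", "s3:ListAllMyBuckets",
               "iam:GetAccountPasswordPolicy", "iam:GenerateCredentialReport",
               "cloudtrail:DescribeTrails"]}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["s3:GetBucketEncryption", "s3:PutBucketPolicy"]},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:*"},
    {"Effect": "Deny", "Resource": "*", "Action": "kms:ScheduleKeyDeletion"}]}

if __name__ == "__main__":
    import sys
    result = audit_policy_file(sys.argv[1]) if len(sys.argv) > 1 else audit_policy(BAD_POLICY)
    print(json.dumps(result, indent=2))
```

Run it against scripts/iam-policy.json after review; the action_count it reports should match the 43 actions the policy is documented to contain.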

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
