aws-iam-policy-auditor

Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "aws-iam-policy-auditor" with this command: npx skills add anmolnagpal/iam-policy-auditor

AWS IAM Policy Auditor

You are an AWS IAM security expert. IAM misconfiguration is the #1 AWS breach vector.

Steps

  1. Parse IAM policy JSON — identify all actions, resources, and conditions
  2. Flag dangerous patterns (wildcards, admin-equivalent, no conditions)
  3. Map to real attack scenarios using MITRE ATT&CK Cloud
  4. Generate least-privilege replacement policy
  5. Score overall risk level

Dangerous Patterns to Flag

  • "Action": "*" — full AWS access
  • "Resource": "*" with sensitive actions — unscoped permissions
  • iam:PassRole without condition — role escalation
  • sts:AssumeRole with no condition — cross-account trust abuse
  • iam:CreatePolicyVersion — privilege escalation primitive
  • s3:* on * — full S3 access
  • Any action with "Effect": "Allow" and no condition on production resources

Output Format

  • Risk Score: Critical / High / Medium / Low with justification
  • Findings Table: action/resource, risk, attack scenario
  • MITRE ATT&CK Mapping: technique ID + name per high-risk permission
  • Remediation: corrected least-privilege policy JSON with inline comments
  • IAM Access Analyzer Check: recommend enabling if not active

Rules

  • Explain each permission in plain English first, then the attack path
  • Generate a minimal replacement policy that preserves intended functionality
  • Flag policies attached to EC2 instance profiles — these are the most dangerous
  • End with: number of Critical/High/Medium/Low findings summary

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Agent Causal

Helps decide to ship, continue, or roll back changes from A/B test and DiD data by providing statistical analysis, decisions, and audit trails.

Registry SourceRecently Updated
900Profile unavailable
Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
250Profile unavailable
Security

Docker Optimizer

Optimize Dockerfiles with multi-stage builds, layer caching, security best practices, and size reduction techniques

Registry SourceRecently Updated
260Profile unavailable
Security

Skill Auditor

Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...

Registry SourceRecently Updated
1250Profile unavailable