Azure Bicep Deploy
Status: Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: azure-bicep-deploy
Version: 2.1.0

The skill bundle contains several PowerShell scripts (`deploy.ps1`, `validate.ps1`, and `bicep-build.ps1`) that use the `Invoke-Expression` cmdlet to execute Azure CLI commands. This implementation is highly vulnerable to command injection because it concatenates user-provided parameters (such as resource group names and file paths) directly into a command string without sanitization and then evaluates that string as PowerShell. While the scripts' capabilities are aligned with the stated purpose of Azure Bicep deployment, the use of an unsafe execution primitive constitutes a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: If the script is copied and run with unsafe or attacker-influenced inputs, it could execute commands on the user's machine while the Azure CLI is authenticated.
Detail: The script interpolates user-controlled parameters into a command string and executes it with `Invoke-Expression`, so special characters in resource group names, template paths, or parameter paths could cause unintended PowerShell commands to run.
Evidence: `$command = "az deployment group create --resource-group $ResourceGroupName --name $deploymentName --template-file $TemplateFile"` ... `Invoke-Expression $command`
Recommendation: Avoid `Invoke-Expression`; call `az` with structured argument arrays, quote and validate paths/resource names, and require explicit confirmation before deployment commands.

Risk: A deployment can change real Azure infrastructure, incur cost, or affect production resources if the wrong subscription, resource group, template, or parameter file is used.
Detail: The core workflow runs Azure deployment commands that can create or modify cloud resources. This matches the skill purpose, but it is high-impact and should be user-approved and scoped.
Evidence: `az deployment group create --resource-group <rg-name> --template-file <path-to-bicep> --parameters <params-file>.json`
Recommendation: Run `what-if` first, confirm the subscription/resource group/environment, and use least-privilege Azure permissions, especially for staging or production.

Risk: The skill can act within the permissions of the selected Azure account and subscription.
Detail: The skill relies on the user's existing Azure CLI login and subscription context. That is expected for Azure deployment, but it means actions run with the privileges of the logged-in account.
Evidence: Azure CLI authenticated (`az login`) ... `az account set --subscription <sub-id>`
Recommendation: Use a dedicated least-privilege account or service principal where possible, and verify the active subscription with `az account show` before running deployments.

Risk: Users must trust and maintain the local Azure CLI/Bicep installation used to perform deployments.
Detail: The skill is instruction-only and has no install spec, but its setup flow depends on external Azure CLI/Bicep tooling. This is normal for the stated purpose, though it is not declared in the registry requirements.
Evidence: `az bicep install # Install Bicep`
Recommendation: Install Azure CLI/Bicep from official sources, keep them updated, and verify the tool versions before use.
