Infrastructure as Code security auditor for Terraform (.tf), CloudFormation (YAML/JSON), and Pulumi (TypeScript/Python). Detects 12 high-impact cloud misconfigurations — public S3 buckets, security groups open to 0.0.0.0/0 on SSH/RDP, unencrypted EBS/RDS/S3, wildcard IAM policies, hardcoded credentials, missing deletion protection, public RDS, unrestricted Lambda execution roles, and more. Zero external dependencies (no tfsec/checkov required). Works on any .tf or CloudFormation file. CI fail-gate included.

Install

openclaw skills install @phy041/phy-iac-sec-audit