Azure Networking Audit

v0.1.1

Azure VNet networking audit covering address space design, NSG rule evaluation, Azure Firewall policy analysis, ExpressRoute and VPN Gateway connectivity, VN...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name and description match the runtime instructions: the skill performs VNet, NSG, Firewall, ExpressRoute, VPN Gateway, peering, and UDR audits via read-only 'az' commands. One inconsistency: the registry-level 'Requirements' block in the provided manifest lists no required binaries, while the SKILL.md metadata and the instructions explicitly require the Azure CLI ('az'). This is likely an authoring/metadata oversight but should be corrected so users know 'az' must be available and authenticated.
Instruction Scope
SKILL.md contains explicit, scoped read-only commands (az network ..., az network nsg rule list, az network firewall show, etc.). Commands and queries are limited to Azure management plane (management.azure.com) and enumerate resources/permissions; the instructions do not ask the agent to read unrelated local files, secrets, or send data to third‑party endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes filesystem persistence and arbitrary code execution risk. The skill does assume the environment already has the Azure CLI installed, per SKILL.md metadata.
Credentials
The skill requests no environment variables and no embedded credentials, but it requires an authenticated Azure CLI session with Reader-level permissions on the target subscription(s). That's proportionate for a read-only audit. Users should note the skill will run commands against whichever subscription the user's az session points to, and it includes commands that enumerate role assignments and the signed-in user identity (expected for access verification).
Persistence & Privilege
'always' is false and the skill is user-invocable; it does not request persistent system presence or modify other skills or system settings. Autonomous invocation is allowed by default but does not appear to be combined with other high-risk factors here.
Scan Findings in Context
[no-code-to-scan] expected: The regex-based scanner produced no findings because this is an instruction-only skill (no code files). The SKILL.md itself includes metadata indicating a dependency on 'az' and an egress endpoint to management.azure.com:443, which is consistent with a management-plane CLI audit.
Assessment
This skill is instruction-only and uses read-only Azure CLI commands — it appears to do what it says. Before running: ensure the machine where you run it has the Azure CLI installed and is authenticated into the correct subscription (az account show). Prefer using least-privilege credentials (Reader role) scoped to the target subscription/resource group(s). Be aware the skill will enumerate resource names, IDs, and role assignments in that subscription (normal for an audit). Also note the manifest metadata mismatch: verify the agent environment actually provides 'az' and that you trust any agent or automation that will execute these commands against your subscription.
