aws-security-scanner
Scan AWS accounts for security misconfigurations and vulnerabilities. Use when user asks to audit AWS security, check for misconfigurations, find exposed S3 buckets, review IAM policies, check security groups, audit CloudTrail, or run AWS security checks. Covers S3, IAM, EC2, RDS, CloudTrail, and common CIS benchmarks.
Install
mkdir -p .claude/skills/aws-security-scanner && curl -L -o skill.zip "https://mcp.directory/api/skills/download/8896" && unzip -o skill.zip -d .claude/skills/aws-security-scanner && rm skill.zipInstalls to .claude/skills/aws-security-scanner
About this skill
AWS Security Scanner
Audit AWS infrastructure for security issues using AWS CLI.
Prerequisites
- AWS CLI configured (
aws configureor IAM role) - Read permissions for resources being scanned
Quick Scans
S3 Bucket Security
# Find public buckets
aws s3api list-buckets --query 'Buckets[].Name' --output text | tr '\t' '\n' | while read bucket; do
acl=$(aws s3api get-bucket-acl --bucket "$bucket" 2>/dev/null)
policy=$(aws s3api get-bucket-policy --bucket "$bucket" 2>/dev/null)
public_access=$(aws s3api get-public-access-block --bucket "$bucket" 2>/dev/null)
echo "=== $bucket ==="
echo "$acl" | grep -q "AllUsers\|AuthenticatedUsers" && echo "⚠️ PUBLIC ACL"
echo "$policy" | grep -q '"Principal":"\*"' && echo "⚠️ PUBLIC POLICY"
echo "$public_access" | grep -q "false" && echo "⚠️ Public access not fully blocked"
done
IAM Security Issues
# Users without MFA
aws iam generate-credential-report && sleep 5
aws iam get-credential-report --query 'Content' --output text | base64 -d | grep -E "^[^,]+,.*,false" | cut -d',' -f1
# Overly permissive policies (Admin access)
aws iam list-policies --scope Local --query 'Policies[].Arn' --output text | tr '\t' '\n' | while read arn; do
version=$(aws iam get-policy --policy-arn "$arn" --query 'Policy.DefaultVersionId' --output text)
aws iam get-policy-version --policy-arn "$arn" --version-id "$version" --query 'PolicyVersion.Document' | grep -q '"Action":"\*".*"Resource":"\*"' && echo "⚠️ Admin policy: $arn"
done
# Access keys older than 90 days
aws iam list-users --query 'Users[].UserName' --output text | tr '\t' '\n' | while read user; do
aws iam list-access-keys --user-name "$user" --query "AccessKeyMetadata[?CreateDate<='$(date -d '-90 days' +%Y-%m-%d)'].{User:UserName,KeyId:AccessKeyId,Created:CreateDate}" --output table
done
Security Groups
# Open to world (0.0.0.0/0)
aws ec2 describe-security-groups --query 'SecurityGroups[?IpPermissions[?IpRanges[?CidrIp==`0.0.0.0/0`]]].{ID:GroupId,Name:GroupName,VPC:VpcId}' --output table
# SSH open to world
aws ec2 describe-security-groups --filters "Name=ip-permission.from-port,Values=22" "Name=ip-permission.cidr,Values=0.0.0.0/0" --query 'SecurityGroups[].{ID:GroupId,Name:GroupName}' --output table
# RDP open to world
aws ec2 describe-security-groups --filters "Name=ip-permission.from-port,Values=3389" "Name=ip-permission.cidr,Values=0.0.0.0/0" --query 'SecurityGroups[].{ID:GroupId,Name:GroupName}' --output table
CloudTrail Status
# Check if CloudTrail is enabled in all regions
aws cloudtrail describe-trails --query 'trailList[].{Name:Name,IsMultiRegion:IsMultiRegionTrail,LogValidation:LogFileValidationEnabled,S3Bucket:S3BucketName}' --output table
# Check for trails without log validation
aws cloudtrail describe-trails --query 'trailList[?LogFileValidationEnabled==`false`].Name' --output text
RDS Security
# Publicly accessible RDS instances
aws rds describe-db-instances --query 'DBInstances[?PubliclyAccessible==`true`].{ID:DBInstanceIdentifier,Engine:Engine,Endpoint:Endpoint.Address}' --output table
# Unencrypted RDS instances
aws rds describe-db-instances --query 'DBInstances[?StorageEncrypted==`false`].{ID:DBInstanceIdentifier,Engine:Engine}' --output table
EBS Encryption
# Unencrypted EBS volumes
aws ec2 describe-volumes --query 'Volumes[?Encrypted==`false`].{ID:VolumeId,Size:Size,State:State}' --output table
Full Audit Report
Run comprehensive scan and output markdown report:
echo "# AWS Security Audit Report"
echo "Generated: $(date)"
echo ""
echo "## S3 Buckets"
# ... run S3 checks
echo ""
echo "## IAM"
# ... run IAM checks
echo ""
echo "## Security Groups"
# ... run SG checks
# etc.
Severity Levels
| Issue | Severity |
|---|---|
| S3 bucket public | 🔴 Critical |
| SSH/RDP open to world | 🔴 Critical |
| IAM user without MFA | 🟠 High |
| Admin policy attached | 🟠 High |
| CloudTrail disabled | 🟠 High |
| RDS publicly accessible | 🟠 High |
| Unencrypted EBS/RDS | 🟡 Medium |
| Access keys > 90 days | 🟡 Medium |
CIS Benchmark Checks
For comprehensive CIS AWS Foundations Benchmark compliance, check:
- 1.1: Avoid root account usage
- 1.2: MFA on root
- 1.3: Disable unused credentials
- 2.1: CloudTrail enabled
- 2.2: Log file validation
- 4.1: No security groups allow 0.0.0.0/0 to port 22
- 4.2: No security groups allow 0.0.0.0/0 to port 3389
Automation
For scheduled scans, use AWS Config Rules or set up cron:
0 6 * * * /path/to/aws-security-scan.sh | mail -s "Daily AWS Audit" [email protected]
More by openclaw
View all skills by openclaw →You might also like
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
Related MCP Servers
Browse all servers
Security ScannerSecurity Scanner analyzes code repositories to find exposed secrets, vulnerabilities, dependency flaws and misconfigurations — fast, accurate protection…
Snyk Agent ScanSecurity scanner for AI agents, MCP servers, and agent skills. Automatically scan code for vulnerabilities, license issues, and security risks in your…
SemgrepSemgrep is a leading code analysis tool that scans code for vulnerabilities, helping developers fix issues swiftly within their workflow.
MCP FortressMCP Fortress — Advanced security scanner that detects vulnerabilities, prompt injection, and tool poisoning to protect your systems.
Security ScannerUse our Security Scanner as a website virus scanner to detect site scanner virus threats, vulnerabilities, and exposed secrets in your code repositories.
Code Audit (Ollama)Scan your website for viruses and vulnerabilities with Code Audit (Ollama). Get a comprehensive site scanner virus check for code quality and security.