
Watadot Aws Iam - Skill tool

v1.0.0

[Auto-translated] IAM security patterns by Watadot Studio. Manage users and roles, and verify policies.

by @ordiy·MIT-0
License
MIT-0
Last updated
2026/3/17
Security scan
VirusTotal
Harmless
OpenClaw
Safe
high confidence
The skill is an instruction-only AWS IAM helper that merely runs aws CLI commands and requests the aws binary — its requirements and instructions are coherent with its stated purpose.
Assessment recommendation
This skill is coherent and appears to do what it says: run aws CLI IAM checks. Before using it: (1) ensure the aws CLI is installed and configured with appropriate, least-privilege credentials (prefer read-only/IAM-read policies for audits); (2) review and adjust the example filters (the access-key check uses a hard-coded 2025-12-31 date — replace with a proper relative date or use aws iam get-access-key-last-used for accuracy); (3) when using sts assume-role, handle temporary credentials secure...
Detailed analysis
Purpose and capabilities
Name/description: IAM management. Declared requirement: aws CLI. No unrelated credentials, binaries, or install steps. The aws CLI is an appropriate and expected dependency for this purpose.
Instruction scope
SKILL.md contains concrete aws CLI commands for listing users, checking access keys, assuming roles, and fetching policy documents — all within IAM scope. Two minor notes: (1) the 'find unused access keys' example uses a hard-coded date (2025-12-31), which is likely a copy/paste or stale example and can produce incorrect results; (2) the assume-role command returns temporary credentials — the instructions do not say how to handle or store them, so an operator should ensure they are handled securely. Otherwise the instructions do not reference unrelated files, env vars, or external endpoints.
Installation mechanism
Instruction-only skill with no install spec. This is low risk because nothing is downloaded or written by the skill itself.
Credential requirements
No required environment variables or credentials are declared. The skill relies on the operator's configured AWS credentials (as expected for aws CLI usage). No unrelated secrets are requested.
Persistence and permissions
always is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system-wide settings.
Security comes in layers; review the code before running it.

License

MIT-0

Free to use, modify and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest  v1.0.0  2026/3/16

- Initial release of watadot-aws-iam.
- Provides IAM security patterns for managing AWS users, roles, and policy verification.
- Includes audit commands for users and access keys, role orchestration, and policy inspection.
- Documents security best practices, including MFA enforcement and use of Access Analyzer.


Install command

Official: npx clawhub@latest install watadot-aws-iam
Mirror (CN accelerated): npx clawhub@latest install watadot-aws-iam --registry https://cn.clawhub-mirror.com

Skill documentation

Security-first identity and access management patterns.

🚀 Core Commands

Identity Audit

# List all users with ARN and creation date
aws iam list-users --query "Users[].{User:UserName,Arn:Arn,Date:CreateDate}" --output table

# Find active access keys created 90+ days ago. Age is only a proxy for "unused":
# confirm with aws iam get-access-key-last-used before disabling a key.
CUTOFF=$(date -u -d '90 days ago' +%Y-%m-%d)   # GNU date; on macOS/BSD use: date -u -v-90d +%Y-%m-%d
aws iam list-users --query "Users[].UserName" --output text | tr '\t' '\n' | xargs -I {} aws iam list-access-keys --user-name {} --query "AccessKeyMetadata[?Status=='Active' && CreateDate<'$CUTOFF']"
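The one-liner above judges a key by its creation date, and a hard-coded cutoff goes stale as soon as the calendar moves. The following is an added example, not code from the watadot-aws-iam skill: it computes the 90-day cutoff relative to the current time and flags a key when it has not been used within that window (from the data aws iam get-access-key-last-used returns) as well as when it has not been rotated. The key records are constructed sample data in the shape boto3 returns; the fetch_keys() helper shows how to build the same records from a live account, and the reference time SAMPLE_NOW is fixed only so the sample output is reproducible.

```python
"""Access-key audit on key use, not only key age.

Added example; not part of the watadot-aws-iam skill. Replaces the skill's
hard-coded 2025-12-31 cutoff with one computed from "now", and judges each
active key by its LastUsedDate (aws iam get-access-key-last-used) as well as
by CreateDate. SAMPLE_KEYS are constructed records in the shape boto3 returns.
"""
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90

# Fixed reference time so the sample output is reproducible (constructed).
SAMPLE_NOW = datetime(2026, 3, 17, tzinfo=timezone.utc)


def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample: each record merges one AccessKeyMetadata entry with the
# AccessKeyLastUsed structure for that key. "LastUsedDate" is absent when the
# key has never been used, exactly as in the real API response.
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active",
     "CreateDate": _utc(2025, 1, 10),
     "AccessKeyLastUsed": {"LastUsedDate": _utc(2025, 2, 1), "ServiceName": "s3", "Region": "us-east-1"}},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active",
     "CreateDate": _utc(2025, 6, 1),
     "AccessKeyLastUsed": {"ServiceName": "N/A", "Region": "N/A"}},  # never used
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Inactive",
     "CreateDate": _utc(2024, 6, 1),
     "AccessKeyLastUsed": {"LastUsedDate": _utc(2024, 7, 1), "ServiceName": "ec2", "Region": "eu-west-1"}},
    {"UserName": "dave", "AccessKeyId": "AKIAEXAMPLE000000004", "Status": "Active",
     "CreateDate": _utc(2026, 3, 1),
     "AccessKeyLastUsed": {"LastUsedDate": _utc(2026, 3, 15), "ServiceName": "sts", "Region": "us-east-1"}},
]


def audit_keys(keys, now=None, max_age_days=MAX_AGE_DAYS):
    """Return [{UserName, AccessKeyId, Reasons}] for active keys that are unused
    for max_age_days (or never used and older than that) or not rotated in
    max_age_days. Inactive keys are skipped: they cannot authenticate, so
    deleting them is hygiene rather than risk reduction."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for key in keys:
        if key["Status"] != "Active":
            continue
        reasons = []
        last_used = key.get("AccessKeyLastUsed", {}).get("LastUsedDate")
        if last_used is None:
            if key["CreateDate"] < cutoff:   # a brand-new, not-yet-used key is not a finding
                reasons.append("never used")
        elif last_used < cutoff:
            reasons.append(f"last used {last_used.date()}")
        if key["CreateDate"] < cutoff:
            reasons.append(f"created {key['CreateDate'].date()}, not rotated")
        if reasons:
            findings.append({"UserName": key["UserName"], "AccessKeyId": key["AccessKeyId"], "Reasons": reasons})
    return findings


def fetch_keys(iam):
    """Build the same records from a live account. `iam` is boto3.client("iam");
    the caller imports boto3 so this module still runs offline on the sample."""
    records = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            for meta in iam.list_access_keys(UserName=user["UserName"])["AccessKeyMetadata"]:
                last = iam.get_access_key_last_used(AccessKeyId=meta["AccessKeyId"])
                records.append({**meta, "AccessKeyLastUsed": last["AccessKeyLastUsed"]})
    return records


if __name__ == "__main__":
    # Live run: import boto3; findings = audit_keys(fetch_keys(boto3.client("iam")))
    for f in audit_keys(SAMPLE_KEYS, now=SAMPLE_NOW):
        print(f"{f['UserName']:<10} {f['AccessKeyId']}  {'; '.join(f['Reasons'])}")
```

Run against the live account with read-only IAM permissions (iam:ListUsers, iam:ListAccessKeys, iam:GetAccessKeyLastUsed); one get-access-key-last-used call is made per key, so large accounts take a while but never change anything.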

Role Orchestration

# Assume a role and get temporary credentials
aws sts assume-role --role-arn  --role-session-name "OpenClawSession"

# List policies attached to a specific role
aws iam list-attached-role-policies --role-name --query "AttachedPolicies[].PolicyName"

Policy Verification

# Get the document of one managed-policy version (find the current version with
# aws iam get-policy --policy-arn ... --query Policy.DefaultVersionId)
aws iam get-policy-version --policy-arn  --version-id  --query "PolicyVersion.Document"
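Fetching the document is the easy half of policy verification; the reviewer still has to read it. The following is an added example, not code from the watadot-aws-iam skill: it takes the JSON object that the get-policy-version command above prints (or boto3's already-decoded PolicyVersion.Document) and flags Allow statements that use wildcard actions, a NotAction allow-list, an unconditioned Resource "*", or actions that can be used for privilege escalation. The policy is constructed, and PRIVILEGE_ESCALATION_ACTIONS is an illustrative subset chosen for this example, not an authoritative list.

```python
"""Lint one IAM policy document for over-broad Allow statements.

Added example; not part of the watadot-aws-iam skill. Input is the object
printed by `aws iam get-policy-version ... --query PolicyVersion.Document`
(json.load the CLI output; boto3 returns it already decoded). SAMPLE_POLICY
is constructed; PRIVILEGE_ESCALATION_ACTIONS is an illustrative subset.
"""
import json

SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "AdminEscape", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*",
     "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}},
    {"Sid": "DenyAllButS3", "Effect": "Deny", "NotAction": "s3:*", "Resource": "*"}
  ]
}
""")

# Actions that let a principal grant itself more access (illustrative subset, lower-cased).
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:passrole", "iam:createpolicyversion", "iam:setdefaultpolicyversion",
    "iam:attachuserpolicy", "iam:attachrolepolicy", "iam:attachgrouppolicy",
    "iam:putuserpolicy", "iam:putrolepolicy", "iam:putgrouppolicy",
    "iam:createaccesskey", "iam:createloginprofile", "iam:updateloginprofile",
    "iam:updateassumerolepolicy", "sts:assumerole",
}


def _as_list(value):
    """IAM accepts either a string or a list for Action, Resource and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (Sid, severity, message) tuples; an empty list means nothing was flagged."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]  # action names are case-insensitive
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((sid, "HIGH", "Allow with NotAction grants every action not listed"))
        if "*" in actions:
            findings.append((sid, "HIGH", "Action '*' grants every API call"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((sid, "MEDIUM", "service-wide wildcard action"))
        if "*" in resources and "Condition" not in stmt:
            findings.append((sid, "MEDIUM", "Resource '*' without a Condition"))
        escalation = sorted(a for a in actions if a in PRIVILEGE_ESCALATION_ACTIONS or a == "iam:*")
        if escalation and "*" not in actions:   # already reported as Action '*'
            findings.append((sid, "HIGH", "privilege-escalation-capable actions: " + ", ".join(escalation)))
    return findings


if __name__ == "__main__":
    # Live use: save the get-policy-version output to policy.json, then
    #   lint_policy(json.load(open("policy.json")))
    for sid, severity, message in lint_policy(SAMPLE_POLICY):
        print(f"{severity:<6} {sid:<14} {message}")
```

A Condition suppresses the Resource "*" finding but not the escalation finding: PassAnyRole is scoped to Lambda, yet iam:PassRole on every role is still worth a human look. Deny statements are skipped entirely because they can only narrow what the Allow statements grant.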

🧠 Best Practices

  • Never use Root: Use IAM users or SSO roles for daily operations.
  • Short-lived Credentials: Prefer sts assume-role over permanent access keys.
  • MFA Enforcement: Enable Multi-Factor Authentication for all console and sensitive CLI access.
  • Access Analyzer: Regularly run IAM Access Analyzer to find unintended public or cross-account access.
Data source: ClawHub · Chinese localization: 龙虾技能库