Defender Posture Reviewer — 实用工具
v1.0.0用于 Cloud 安全保护 Score 和 生成 prioritized remediation roadmap
0· 357·0 当前·0 累计
by 安全扫描
OpenClaw
安全
medium confidenceThe skill is instruction-only and its requests (exported Defender Secure Score, recommendations, alerts) match the described purpose; no credentials or installs are requested, but the package has unknown provenance and a small ambiguity about a 'bash' tool entry.
评估建议
This skill appears coherent for its stated purpose, but consider the following before installing or using it:
- Do not paste credentials, secret keys, or tokens. The skill tells you not to provide credentials — follow that.
- Inspect any exported JSON/CSV before pasting: redact any secrets, but also be aware exports can contain subscription IDs, resource names, and principal IDs (sensitive for privacy and social engineering). Share only the minimum data needed.
- Prefer running the example az c...详细分析 ▾
✓ 用途与能力
Name/description match the runtime instructions: the skill asks users to provide Defender Secure Score exports, recommendation and alert JSONs and then produces prioritized remediation and Azure CLI remediation examples. It does not request unrelated credentials or system access.
ℹ 指令范围
SKILL.md stays within scope (parse exported data, prioritize, produce remediation and CLI commands). It explicitly states it will not execute Azure CLI or access the account. Minor ambiguity: the SKILL header lists 'tools: claude, bash' which could imply shell execution — the doc contradicts that. Also the skill asks users to paste raw exports and instructs to confirm no credentials are present before processing.
✓ 安装机制
No install spec and no code files — instruction-only skill with nothing written to disk. Low install risk.
✓ 凭证需求
No environment variables, keys, or persistent credentials are requested. The sample az CLI commands are read-only and the minimum RBAC role stated is Security Reader (subscription scope), which is appropriate for exporting the listed data.
✓ 持久化与权限
Skill is not always-enabled and doesn't request persistent system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install defender-posture-reviewer
镜像加速npx clawhub@latest install defender-posture-reviewer --registry https://cn.longxiaskill.com 镜像可用