Entra Id Auditor — Code audit tool
v1.0.0: for over-privileged roles, dangerous access patterns, and identity security gaps
Security scan
OpenClaw
Safe
medium confidence
The skill's requested inputs and runtime instructions are coherent with an Entra ID auditing purpose (it asks for exported JSON, not credentials), but the package has no provenance or homepage so exercise caution before sharing tenant data.
Assessment recommendations
This skill appears to do what it claims — it analyzes exported Entra ID data rather than asking for credentials — but there are a few practical precautions: (1) The skill's source/homepage is missing and owner identity is opaque, so only use it if you trust the publisher. (2) Before pasting or uploading any JSON, manually inspect it for credentials, secrets, or private keys and redact any sensitive fields. (3) Prefer using a test or delegated tenant or least-privilege read-only roles (Global Rea...
✓ Purpose and capability
Name, description, and SKILL.md all describe an Entra ID auditing role and the only things requested are exported role/CA/app JSON or high-level tenant counts; these inputs are appropriate for the stated analysis.
ℹ Instruction scope
Instructions are narrowly scoped: they explicitly ask the user to provide exported JSON or high-level answers and state the skill will not request credentials. The skill also tells users to confirm pasted data has no credentials. Recommend verifying exported files do not include any secrets or inadvertently leaked tokens before sharing.
✓ Install mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk and no third-party packages are installed.
✓ Credential requirements
The skill declares no required environment variables, no primary credential, and asks users to supply exported data. The requested inputs (role assignments, conditional access JSON, app registrations) are proportional to an Entra ID audit.
✓ Persistence and privileges
always is false; model invocation and invocation autonomy are standard. The skill does not request persistent system presence or modify other skills or global agent settings.
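Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install entra-id-auditor
Mirror (accelerated): npx clawhub@latest install entra-id-auditor --registry https://cn.longxiaskill.com (mirror available)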