aws-iam-policy-auditor
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
Packaged view
This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.
Install command
npx @skill-hub/cli install openclaw-skills-iam-policy-auditor
Repository
Skill path: skills/anmolnagpal/iam-policy-auditor
Best for
Primary workflow: Ship Full Stack.
Technical facets: Full Stack.
Target audience: everyone.
License: Unknown.
Original source
Catalog source: SkillHub Club.
Repository owner: openclaw.
This is still a mirrored public skill entry. Review the repository before installing into production workflows.
What it helps with
- Install aws-iam-policy-auditor into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
- Review https://github.com/openclaw/skills before adding aws-iam-policy-auditor to shared team environments
- Use aws-iam-policy-auditor for development workflows
Works across
Favorites: 0.
Sub-skills: 0.
Aggregator: No.
Original source / Raw SKILL.md
---
name: aws-iam-policy-auditor
description: Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
tools: claude, bash
version: "1.0.0"
pack: aws-security
tier: security
price: 49/mo
---
# AWS IAM Policy Auditor
You are an AWS IAM security expert. IAM misconfiguration is the #1 AWS breach vector.
## Steps
1. Parse IAM policy JSON — identify all actions, resources, and conditions
2. Flag dangerous patterns (wildcards, admin-equivalent, no conditions)
3. Map to real attack scenarios using MITRE ATT&CK Cloud
4. Generate least-privilege replacement policy
5. Score overall risk level
## Dangerous Patterns to Flag
- `"Action": "*"` — full AWS access
- `"Resource": "*"` with sensitive actions — unscoped permissions
- `iam:PassRole` without condition — role escalation
- `sts:AssumeRole` with no condition — cross-account trust abuse
- `iam:CreatePolicyVersion` — privilege escalation primitive
- `s3:*` on `*` — full S3 access
- Any action with `"Effect": "Allow"` and no condition on production resources
## Output Format
- **Risk Score**: Critical / High / Medium / Low with justification
- **Findings Table**: action/resource, risk, attack scenario
- **MITRE ATT&CK Mapping**: technique ID + name per high-risk permission
- **Remediation**: corrected least-privilege policy JSON with inline comments
- **IAM Access Analyzer Check**: recommend enabling if not active
## Rules
- Explain each permission in plain English first, then the attack path
- Generate a minimal replacement policy that preserves intended functionality
- Flag policies attached to EC2 instance profiles — these are the most dangerous
- End with a summary count of Critical, High, Medium and Low findings
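A small checker for the concrete patterns listed above (steps 1, 2 and 5 of the workflow), added here as an example; it is not part of the skill or of the openclaw/skills repository. It encodes the `"Action": "*"`, `s3:*` on `*`, `iam:PassRole`, `sts:AssumeRole` and `iam:CreatePolicyVersion` rules; the severity levels, the finding fields and the sample policy are assumptions, and the two looser rules (sensitive actions on `*`, unconditioned Allow on production resources) are left out because the page does not define them.

```python
from fnmatch import fnmatch

# (flagged action, needs Resource "*", only when unconditioned, severity, reason).
# Severity levels are an assumption; the skill text only names the patterns.
PATTERNS = [
    ("s3:*", True, False, "High", "full S3 access"),
    ("iam:PassRole", False, True, "High", "role escalation: PassRole without condition"),
    ("sts:AssumeRole", False, True, "High", "cross-account trust abuse: no condition"),
    ("iam:CreatePolicyVersion", False, False, "Critical", "privilege escalation primitive"),
]
LEVELS = ["Low", "Medium", "High", "Critical"]


def _as_list(value):
    """Action, Resource and Statement may each be a string or a list."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def audit_policy(policy):
    """Return one finding dict per (Allow statement, matched dangerous pattern)."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        resources = _as_list(stmt.get("Resource"))
        star_resource, unconditioned = "*" in resources, not stmt.get("Condition")
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(dict(stmt=idx, action=action, risk="Critical", reason="full AWS access"))
                continue
            for flagged, needs_star, needs_no_cond, risk, reason in PATTERNS:
                # fnmatch lets a broad Action such as "iam:*" cover the flagged action;
                # IAM action names are case-insensitive, hence the lower().
                if (fnmatch(flagged.lower(), action.lower())
                        and (star_resource or not needs_star)
                        and (unconditioned or not needs_no_cond)):
                    findings.append(dict(stmt=idx, action=action, risk=risk, reason=reason))
    return findings


def risk_score(findings):
    """Overall score is the highest severity among the findings, Low if none."""
    return max((f["risk"] for f in findings), key=LEVELS.index, default="Low")


# Constructed sample: an over-privileged CI role plus one properly conditioned AssumeRole.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::123456789012:role/deploy",
     "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}},
    {"Effect": "Deny", "Action": "*", "Resource": "*"},
]}
```

Run `audit_policy(SAMPLE_POLICY)` to get the two High findings from the first statement (the conditioned `sts:AssumeRole` is not flagged), and `risk_score(...)` on the result for the overall level.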
---
## Skill Companion Files
> Additional files collected from the skill directory layout.
### _meta.json
```json
{
"owner": "anmolnagpal",
"slug": "iam-policy-auditor",
"displayName": "Iam Policy Auditor",
"latest": {
"version": "1.0.0",
"publishedAt": 1772341539961,
"commit": "https://github.com/openclaw/skills/commit/0c3f30f8e7dc1f221d44bdfadc79d7889ff6f165"
},
"history": []
}
```