storage-exposure-auditor_skill

This skill helps you identify publicly accessible Azure Storage accounts and misconfigured blob containers to reduce data exposure risks.
  • Python

2.6k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill storage-exposure-auditor

  • _meta.json305 B
  • SKILL.md3.3 KB

Overview

This skill identifies publicly accessible Azure Storage accounts and misconfigured blob containers that expose data. It analyzes exported account, container, and network rule data to produce prioritized findings and remediation templates. The goal is rapid risk identification and actionable hardening guidance without accessing your Azure tenancy directly.

How this skill works

Provide exported Azure storage account and container metadata (account-level public access, container publicAccess, network rules, private endpoints, and related settings). The skill inspects those inputs for unsafe configurations such as account-level public access, anonymous containers, disabled HTTPS, missing soft delete/versioning, permissive SAS usage, and lack of diagnostics. Results include a prioritized findings table, estimated sensitivity based on naming, hardened ARM/Bicep snippets per finding, and SAS token guidance.

When to use it

  • After running read-only Azure CLI queries to export storage account and container configurations.
  • During a security review or pre-deployment audit to ensure no accidental public exposure.
  • When responding to a suspected data leak to quickly map public containers and their risk.
  • Before enabling automated scans or Defender for Storage to prioritize high-risk assets.
  • When preparing policy enforcement (Azure Policy) to deny public blob access org-wide.

Best practices

  • Disable account-level allowBlobPublicAccess and only use scoped, time-limited SAS where needed.
  • Require HTTPS (supportsHttpsTrafficOnly = true) and prefer private endpoints or service endpoints.
  • Enable soft delete for blobs and containers and enable blob versioning for critical data.
  • Rotate shared keys regularly and prefer Entra ID authentication with RBAC; disable shared key access when possible.
  • Enable diagnostic logging and integrate with SIEM and Microsoft Defender for Storage for malware scanning.

Example use cases

  • Audit a subscription after a developer reports a public container created for testing.
  • Produce an executive summary of storage exposure across multiple resource groups.
  • Generate ARM/Bicep remediation snippets to fix specific containers found with anonymous access.
  • Validate that storage accounts used for backups have versioning and soft delete enabled.
  • Assess SAS token usage to find long-lived or overly permissive tokens being used as permanent credentials.

FAQ

No. This skill is instruction-only. You must provide exported, read-only CLI or console output; never share credentials, keys, or secrets.

What minimal data should I provide for a useful audit?

Provide storage account list with public access settings, per-account container lists with publicAccess, and network rule/private endpoint info. The more complete the exports, the more precise the findings.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
storage-exposure-auditor skill by openclaw/skills | VeilStrat