Infra Scanner

Category: OpenClaw · Advanced DevOps & CI/CD · Open Source

Infra Scanner is an OpenClaw skill that performs comprehensive security assessments of your infrastructure — cloud configurations, Kubernetes clusters, Docker images, network configurations, and CI/CD pipelines. It checks against CIS benchmarks, OWASP guidelines, and custom security policies, producing actionable remediation guides.

Input / Output

Accepts

infrastructure-config, cloud-credentials, Dockerfile

Produces

vulnerability-report, compliance-report, remediation-guide

Overview

Infrastructure security is a moving target. New CVEs are published daily, cloud services change their defaults, and misconfigurations creep in as teams move fast. Infra Scanner provides continuous security assessment that catches vulnerabilities before attackers do.

The skill scans across multiple infrastructure layers: cloud provider configurations (AWS, Azure, GCP), container images (Docker), orchestration (Kubernetes), network configurations, and CI/CD pipeline definitions. Each finding includes severity classification, affected resources, and step-by-step remediation guides.

Because it is built on OpenClaw, the skill is extensible: you can add custom security policies that encode your organization's specific requirements.

How It Works

  1. Connect — Provide read-only access to the infrastructure (cloud credentials, kubeconfig, etc.); the scanner only needs to read configuration, not change it
  2. Scan — Check configurations against security benchmarks and known vulnerabilities
  3. Classify — Rate findings by severity (Critical, High, Medium, Low)
  4. Report — Generate detailed reports with affected resources and remediation steps
  5. Monitor — Schedule recurring scans and track remediation progress

Use Cases

  • Cloud security audit — Assess AWS/Azure/GCP configurations against CIS benchmarks
  • Container security — Scan Docker images for known CVEs
  • Kubernetes hardening — Verify cluster configurations against security best practices
  • Compliance — Check infrastructure against SOC 2, HIPAA, PCI-DSS requirements
  • CI/CD security — Audit pipeline configurations for secrets exposure and supply chain risks

Getting Started

# Scan AWS infrastructure
infra-scan --provider aws --profile production --benchmark cis

# Scan Kubernetes cluster
infra-scan --provider k8s --kubeconfig ~/.kube/config

# Scan Docker image
infra-scan --image myapp:latest --cve-check

Example

Infrastructure Scan: AWS Production Account

Scanned: 847 resources across 3 regions

🔴 Critical (2):
1. S3 bucket "prod-backups" is publicly accessible
   → Fix: aws s3api put-public-access-block --bucket prod-backups ...
2. RDS instance has no encryption at rest
   → Fix: Enable encryption (requires snapshot + restore)

🟡 High (7):
3. 4 EC2 instances with default security groups
4. CloudTrail not enabled in us-west-2
5. IAM user "deploy-bot" has AdministratorAccess
...

✅ Passing: 834/847 resources (98.5%)

Compliance: CIS AWS Benchmark v2.0
  Score: 89/100
  Failing controls: 6 (2 critical, 4 medium)

Alternatives

  • Prowler — Open-source AWS security assessment tool
  • Trivy — Container and infrastructure vulnerability scanner
  • Checkov — Infrastructure-as-code security scanner

Tags

#security #vulnerability-scanning #infrastructure #compliance #CIS
