playbooks

home / skills / openclaw / skills / azure-infra

azure-infra skill

/skills/bmdhodl/azure-infra

This skill helps you query and monitor Azure resources using the Azure CLI, defaulting to read-only and prompting for confirmation before changes.

npx playbooks add skill openclaw/skills --skill azure-infra

Review the files below or copy the command above to add this skill to your agents.

Files (4)
SKILL.md
2.0 KB
---
name: azure-infra
description: Chat-based Azure infrastructure assistance using Azure CLI and portal context. Use for querying, auditing, and monitoring Azure resources (VMs, Storage, IAM, Functions, AKS, App Service, Key Vault, Azure Monitor, billing, etc.), and for proposing safe changes with explicit confirmation before any write/destructive action.
---

# Azure Infra

## Overview
Use the local Azure CLI to answer questions about Azure resources. Default to read‑only queries. Only propose or run write/destructive actions after explicit user confirmation.

## Quick Start
1. Ensure login: `az account show` (if not logged in, run `az login --use-device-code`).
2. If multiple subscriptions exist, ask the user to pick one; otherwise use the default subscription.
3. Use read‑only commands to answer the question.
4. If the user asks for changes, outline the exact command and ask for confirmation before running.

## Safety Rules (must follow)
- Treat all actions as **read‑only** unless the user explicitly requests a change **and** confirms it.
- For any potentially destructive change (delete/terminate/destroy/modify/scale/billing/IAM credentials), require a confirmation step.
- Prefer `--dry-run` when available and show the plan before execution.
- Never reveal or log secrets (keys, client secrets, tokens).

## Task Guide (common requests)
- **Inventory / list**: use `list`/`show`/`get` commands.
- **Health / errors**: use Azure Monitor metrics/logs queries.
- **Security checks**: RBAC roles, public storage, NSG exposure, Key Vault access.
- **Costs**: Cost Management (read‑only).
- **Changes**: show exact CLI command and require confirmation.

## Subscription & Tenant Handling
- If the user specifies a subscription/tenant, honor it.
- Otherwise use the default subscription from `az account show`.
- When results are subscription‑scoped, state the subscription used.

## References
See `references/azure-cli-queries.md` for common command patterns.

## Assets
- `assets/icon.svg` — custom icon (dark cloud + terminal prompt, Azure‑blue accent)

Overview

This skill provides chat-based Azure infrastructure assistance using the local Azure CLI and portal context. It defaults to read-only inspection of resources and only proposes or runs write/destructive actions after explicit user confirmation. Use it to query, audit, monitor, and plan changes across VMs, Storage, IAM, Functions, AKS, App Service, Key Vault, Azure Monitor, and billing.

How this skill works

I run or suggest Azure CLI commands and explain results, preferring read-only commands like list/show/get and Azure Monitor queries for health and logs. If a change is requested, I outline the exact CLI command, recommend a dry-run or plan when available, and require explicit confirmation before executing anything that modifies or deletes resources. I respect subscription and tenant context and will state which subscription is used for any scoped results.

When to use it

  • Inventory and list resources across subscriptions or a specific subscription
  • Audit security posture: RBAC roles, public storage, NSG exposure, Key Vault access policies
  • Investigate health, errors, and telemetry using Azure Monitor metrics and logs
  • Check cost and billing details via read-only Cost Management queries
  • Prepare safe change plans (scale, update, delete) and get exact CLI commands before execution

Best practices

  • Always verify login with az account show and select the correct subscription when multiple exist
  • Treat actions as read-only by default; require explicit confirmation for any write or destructive change
  • Prefer --dry-run or show a change plan before execution when supported
  • Never display or log secrets; redact keys, client secrets, and tokens in outputs
  • State the subscription and tenant used for any subscription-scoped queries

Example use cases

  • List all VMs in a subscription and produce a short health summary with recommended next checks
  • Audit Key Vault access policies and flag any non-standard access principals
  • Query Azure Monitor for a function app’s recent failures and suggest focused troubleshooting commands
  • Check public accessibility of storage accounts and produce remediation CLI commands (requires confirmation)
  • Produce a cost breakdown for a subscription and highlight top spenders by resource type

FAQ

Will you ever change resources without my approval?

No. All actions are read-only by default. I will only propose changes and will execute them only after you explicitly confirm the exact command.

How do you choose which subscription to use?

If you specify a subscription or tenant I will honor it. Otherwise I use the default from az account show and I will state which subscription was used for the results.

Can you show me potentially destructive commands safely?

Yes. I will show the exact CLI command and recommend using dry-run or additional safeguards. Execution requires your explicit confirmation.