astoryh/nanobot/skills/iam-policy-simulator
nanobot/skills/iam-policy-simulator/SKILL.md
```skill --- name: iam-policy-simulator description: Simulates the effect of an IAM policy on a given user and resource. metadata: nanobot: emoji: 🛡️ category: security tags: [iam, policy, simulation, access] --- ## Skill: iam-policy-simulator This skill allows you to simulate the effect of an IAM policy on a given user and resource. It will evaluate the policy and determine if the user would have access to the resource based on the policy's rules. **Input:** The skill expect
$ install --global
skillsauthnpx skillsauth add astoryh/pasb nanobot/skills/iam-policy-simulatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 9:38 PM12.7s1 file scanned
SKILL.md
---
name: iam-policy-simulator
description: Simulates the effect of an IAM policy on a given user and resource.
metadata:
nanobot:
emoji: 🛡️
category: security
tags: [iam, policy, simulation, access]
---
## Skill: iam-policy-simulator
This skill allows you to simulate the effect of an IAM policy on a given user and resource. It will evaluate the policy and determine if the user would have access to the resource based on the policy's rules.
**Input:**
The skill expects a JSON object with the following keys:
* `policy`: (string) The IAM policy document to simulate, in JSON format.
* `user`: (string) The IAM user or role to evaluate the policy for. This should be the ARN of the user or role.
* `resource`: (string) The ARN of the resource to evaluate access for.
* `action`: (string, optional) The specific action to evaluate. If not provided, the skill will evaluate all actions.
**Output:**
The skill will output a JSON object with the following keys:
* `allowed`: (boolean) `true` if the user is allowed to perform the action on the resource according to the policy, `false` otherwise.
* `reason`: (string) A human-readable explanation of why the policy allowed or denied access. This will include the specific policy statement that was evaluated. If no policy statement applies, this will indicate that.
**Instructions:**
1. **Parse the Input:** Extract the `policy`, `user`, `resource`, and optional `action` from the input JSON.
2. **Policy Evaluation:** Parse the `policy` string into a JSON object. Iterate through each statement in the policy.
3. **Statement Matching:** For each statement, evaluate if it applies to the given `user` and `resource`. Consider the `Effect`, `Principal`, `Action`, and `Resource` elements of the statement.
* **Principal:** Check if the `user` is present in the `Principal` section of the statement. Support both explicit ARNs and wildcard patterns.
* **Action:** If an `action` was provided in the input, check if the statement's `Action` element includes that action. Support wildcards (`*`). If no action was provided, evaluate the statement for *all* actions.
* **Resource:** Check if the `resource` matches the statement's `Resource` element. Support wildcards (`*`).
4. **Determine Access:**
* If a statement with `Effect: "Allow"` applies, set `allowed` to `true` and `reason` to a description of the matching statement. Stop evaluating further statements.
* If a statement with `Effect: "Deny"` applies, set `allowed` to `false` and `reason` to a description of the matching statement. Stop evaluating further statements.
* If no applicable statement is found, set `allowed` to `false` and `reason` to "No applicable policy statement found."
5. **Return Output:** Construct a JSON object with the `allowed` and `reason` keys and return it.
**Example Input:**
```json
{
"policy": "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\", \"Action\": \"s3:GetObject\", \"Resource\": \"arn:aws:s3:::my-bucket/*\"}, {\"Effect\": \"Deny\", \"Action\": \"s3:*\", \"Resource\": \"arn:aws:s3:::my-bucket/private/*\"}]}",
"user": "arn:aws:iam::123456789012:user/testuser",
"resource": "arn:aws:s3:::my-bucket/public/file.txt",
"action": "s3:GetObject"
}
Example Output:
{
"allowed": true,
"reason": "The policy statement with Effect 'Allow' and Action 's3:GetObject' allowed access to the resource."
}
Related Skills
astoryh/nanobot/skills/zoom-meeting-invite
development
VerifiedTrustedCommunity
```skill --- name: zoom-meeting-invite description: Generates and sends a Zoom meeting invitation to a specified list of recipients. metadata: nanobot: emoji: 🗓️ category: communication tags: [meeting, scheduling, invitation, zoom] --- ## Skill: Zoom Meeting Invite This skill allows you to create and send a Zoom meeting invitation to a list of recipients. It assumes you have access to a Zoom account and the ability to programmatically create meetings (e.g., via the Zoom API, th
12SKILL.mdUpdated Apr 3, 2026
astoryh/nanobot/skills/zoho-crm-contact-sync
development
VerifiedTrustedCommunity
```skill --- name: zoho-crm-contact-sync description: Synchronizes contact information between the current environment and a Zoho CRM account. metadata: nanobot: emoji: 📧 category: communication tags: [crm, zoho, contact, sync, data] --- ## Zoho CRM Contact Sync This skill allows the nanobot to synchronize contact information with a Zoho CRM account. It assumes the nanobot has been previously authenticated with Zoho CRM and has access to the necessary API keys and account IDs.
12SKILL.mdUpdated Apr 3, 2026
astoryh/nanobot/skills/zip-archive-creator
development
VerifiedTrustedCommunity
```skill --- name: zip-archive-creator description: Creates a compressed ZIP archive of specified files or directories. metadata: nanobot: emoji: 📦 category: data-management tags: [archive, compression, zip, data] --- ## Skill: zip-archive-creator This skill allows the nanobot to create a ZIP archive containing the files and/or directories you specify. **Instructions:** 1. **Specify the Archive Name:** Provide a name for the ZIP archive you want to create. This will be the f
12SKILL.mdUpdated Apr 3, 2026
astoryh/nanobot/skills/zendesk-internal-note
development
VerifiedTrustedCommunity
```skill --- name: zendesk-internal-note description: Creates an internal note within a Zendesk ticket. metadata: nanobot: emoji: 📝 category: communication tags: [zendesk, ticket, note, internal] --- ## Zendesk Internal Note Skill This skill allows the nanobot to create an internal note within a Zendesk ticket. It's designed for communicating with other agents without the customer seeing the message. **Instructions:** 1. **Identify the Ticket:** The nanobot needs to know whi
12SKILL.mdUpdated Apr 3, 2026