Azure Infra
@bmdhodl
npx machina-cli add skill @bmdhodl/azure-infra --openclaw
Overview
Use the local Azure CLI to answer questions about Azure resources. Default to read‑only queries. Only propose or run write/destructive actions after explicit user confirmation.
Quick Start
- Ensure login: az account show (if not logged in, run az login --use-device-code).
- If multiple subscriptions exist, ask the user to pick one; otherwise use the default subscription.
- Use read‑only commands to answer the question.
- If the user asks for changes, outline the exact command and ask for confirmation before running.
Safety Rules (must follow)
- Treat all actions as read‑only unless the user explicitly requests a change and confirms it.
- For any potentially destructive change (delete/terminate/destroy/modify/scale/billing/IAM credentials), require a confirmation step.
- Prefer --dry-run when available and show the plan before execution.
- Never reveal or log secrets (keys, client secrets, tokens).
Task Guide (common requests)
- Inventory / list: use list/show/get commands.
- Health / errors: use Azure Monitor metrics/logs queries.
- Security checks: RBAC roles, public storage, NSG exposure, Key Vault access.
- Costs: Cost Management (read‑only).
- Changes: show exact CLI command and require confirmation.
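One way to enforce the Safety Rules and the list/show/get convention above in a shell wrapper, as an added example that is not part of the skill itself. The function names classify_az and az_guarded and the word patterns used to spot secret-bearing commands are assumptions of this example; the patterns are a conservative heuristic, not an Azure CLI feature.

```shell
#!/bin/sh
# Added example: gate for az invocations. classify_az and az_guarded are
# hypothetical helper names; the word patterns are a conservative heuristic.

# Print "read", "write" or "secret" for the az arguments given.
# Only the command words before the first option are inspected.
classify_az() (
    verb="" sensitive=no
    for word in "$@"; do
        case "$word" in
            -*) break ;;
            keys|*-keys|secret|*token*|*credential*|*password*|*connection-string*)
                sensitive=yes ;;
        esac
        verb=$word
    done
    if [ "$sensitive" = yes ]; then
        echo secret
    else
        case "$verb" in
            list|show|get|list-*|show-*|get-*) echo read ;;
            *) echo write ;;
        esac
    fi
)

# Run az only when the command is read-only or the user typed "yes".
# Returns 2 when a change is declined, 3 when output would expose secrets.
az_guarded() {
    case "$(classify_az "$@")" in
        read) az "$@" ;;
        secret)
            echo "refused (would print secrets): az $*" >&2
            return 3 ;;
        write)
            printf 'Proposed change: az %s\nType "yes" to run it: ' "$*" >&2
            read -r answer || answer=""
            if [ "$answer" != yes ]; then
                echo "cancelled, nothing was run" >&2
                return 2
            fi
            az "$@" ;;
    esac
}
```

Note that a read-style verb is not enough on its own: storage account keys list and account get-access-token both end in list/get verbs but print credentials, which is why the secret check runs first.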
Subscription & Tenant Handling
- If the user specifies a subscription/tenant, honor it.
- Otherwise use the default subscription from az account show.
- When results are subscription‑scoped, state the subscription used.
References
See references/azure-cli-queries.md for common command patterns.
Assets
assets/icon.svg: custom icon (dark cloud + terminal prompt, Azure‑blue accent)
Overview
Azure Infra provides chat-guided access to Azure resources via the Azure CLI and portal context. It prioritizes read-only queries by default and only proposes or executes changes after explicit user confirmation, making auditing, querying, and monitoring safe and auditable.
How This Skill Works
The tool runs read-only Azure CLI commands by default and answers questions with concrete commands and results. For any potentially destructive or write actions, it presents the exact CLI command, offers a dry-run plan, and requires explicit user confirmation before proceeding, honoring specified subscriptions or tenants when provided.
When to Use It
- Inventory or list Azure resources (VMs, storage, IAM, etc.) to understand current state
- Audit security posture (RBAC, public access, Key Vault access) and monitor for risky configurations
- Check health and performance using Azure Monitor metrics/logs
- Review costs and billing using read-only Cost Management data
- Propose safe changes with explicit confirmation, showing the exact commands and dry-run plan
Quick Start
- Step 1: Verify you're logged in with az account show; run az login --use-device-code if needed
- Step 2: If multiple subscriptions exist, choose the target; otherwise use the default
- Step 3: Ask a question or request a change; for changes, the assistant will show the exact command and require confirmation (dry-run first)
Best Practices
- Always start with read-only queries and only move to changes after confirmation
- Use --dry-run or equivalent to show a plan before execution
- Specify the subscription/tenant to ensure actions target the right scope
- Do not reveal secrets or tokens; never log sensitive data
- Clearly outline the exact CLI commands when proposing changes
Example Use Cases
- List all VMs in the current subscription and their power state
- Identify IAM roles bound to users and detect overly permissive assignments
- Audit a storage account for public access and encryption status
- Query Azure Monitor for CPU and memory trends on a subset of VMs
- Propose a safe scale operation or policy change with a dry-run first