Skill v1.0.0
ClawScan security
Terraform Cloud · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 10:53 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its Terraform Cloud purpose, but the runtime script reads an undocumented .env fallback and contains API path/placeholder bugs — behavior that should be verified before use.
- Guidance: This skill appears to be a Terraform Cloud CLI and asks only for TFC_TOKEN and TFC_ORG (expected). However:
  1. Review the bundled scripts/terraform-cloud.py before installing — it will read a .env fallback at $WORKSPACE/.env or ~/.openclaw/workspace/.env (undocumented in SKILL.md).
  2. Verify the script's request paths (it leaves '{org}' placeholders and may not substitute them), so test on non-production data first.
  3. Use a least-privilege TFC token (limited scope) and avoid placing high-privilege tokens in shared .env files.
  4. If you don't trust the publisher, don't install — or run the CLI manually in an isolated environment/VM and inspect behavior during basic operations.

  If you want, I can point out the exact lines that read the .env and the places where '{org}' is not substituted.
Review Dimensions
- Purpose & Capability (ok): Name/description, required env vars (TFC_TOKEN, TFC_ORG), and the included Python CLI all align with a Terraform Cloud REST API client.
- Instruction Scope (concern): SKILL.md instructs running the bundled CLI and documents TFC_TOKEN/TFC_ORG, but the script will also attempt to read a .env file from a workspace path (WORKSPACE env or ~/.openclaw/workspace/.env) if the env var is missing — this file access is not documented. The script also accepts full URLs in its request helper and contains several placeholder/formatting bugs (e.g., paths with '{org}' are not substituted) that affect how requests are formed.
- Install Mechanism (ok): No install spec — the skill is instruction-only with a single Python stdlib script. This is low-risk from an install/execution origin perspective.
- Credentials (concern): Only TFC_TOKEN and TFC_ORG are required and appropriate for Terraform Cloud, but the script will read the WORKSPACE environment variable and a .env file as a fallback. That undocumented filesystem access increases the attack surface (it will parse any .env it finds to extract the declared variables).
- Persistence & Privilege (ok): The skill is not always-enabled and does not request system-wide changes or privileges beyond reading an optional .env file; it does not modify other skills or agent configuration.
