Aws Solution Architect
v2.1.1
Design AWS architectures for startups using serverless patterns and IaC templates. Use when asked to design serverless architecture, create CloudFormation te...
by Alireza Rezvani (@alirezarezvani)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: architecture designer, cost optimizer, and serverless stack generator are present and the SKILL.md describes generating IaC, cost analysis, and deployment. The requested tools and files are proportional to designing AWS solutions.
Instruction Scope
SKILL.md directs running local Python scripts to generate templates and explicitly shows deployment commands (aws cloudformation, cdk deploy, terraform apply) and troubleshooting steps. Those deployment steps will use the user's AWS credentials and can create/delete resources (and incur cost). The instructions do not attempt to read unrelated system files or exfiltrate data, but they do assume the agent/operator has AWS credentials and the ability to run CLI/SDK operations.
Install Mechanism
No install spec is provided (instruction-only with included scripts). Nothing is downloaded from external URLs or installed automatically by the skill, which minimizes installation risk.
Credentials
Registry metadata declares no required env vars, but the code and SKILL.md include AWS CLI/SDK usage (examples with boto3, aws CLI, CDK). This is expected for an AWS architect skill, but users should be aware the scripts and deploy commands require AWS credentials (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY or configured CLI) and appropriate IAM permissions; those credentials are not requested explicitly in the skill metadata.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request persistent platform privileges or modify other skills' configs. Autonomous invocation remains possible (platform default) but there are no additional privilege escalations requested by the skill.
Scan Findings in Context
[boto3_usage] expected: Multiple example code blocks and references use boto3 (SecretsManager, Kinesis, DynamoDB). This is appropriate for an AWS-focused skill that demonstrates or automates AWS operations.
[kinesis_put_record] expected: Kinesis producer example appears in references; expected for real-time/data pipeline patterns in the skill.
[secretsmanager_get_secret_value] expected: Examples show retrieving secrets from AWS Secrets Manager. This is expected for code that demonstrates secure secret retrieval but means the generated templates and runbooks will assume secret management is in use.
[aws_cli_deploy_commands] expected: SKILL.md shows aws cloudformation create-stack / cdk deploy / terraform apply commands. These are necessary for deploying generated IaC but will operate with the caller's AWS credentials and can create/delete resources.
Assessment
This skill is coherent for designing and producing AWS architectures, IaC, and cost recommendations. Before using it:
1) Be aware running the publish/deploy commands (aws/cdk/terraform) will use your AWS credentials and can create or delete resources and incur costs — run in a test/sandbox account first.
2) Review generated CloudFormation/CDK/Terraform templates (especially IAM policies) before granting CAPABILITY_IAM or deploying; avoid blindly accepting overly-permissive '*' resources.
3) Provide least-privilege AWS credentials (or use an IAM role with narrow scope) and ensure logs/monitoring and billing alarms are enabled.
4) Verify there are no hardcoded secrets or ARNs in the generated output; the examples show using Secrets Manager (expected) but do not require hardcoding.
If you want the agent to perform deployments autonomously, explicitly limit which account/role it may use and test in an isolated environment.
Like a lobster shell, security has layers — review code before you run it.
latestvk97csftvap8ng79f6dvw862xmh82jp5d
