Data Transfer Optimizer

v1.0.0

Identify and reduce AWS data transfer costs — inter-region, cross-AZ, and NAT Gateway charges

by Anmol Nagpal @anmolnagpal
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to break down AWS transfer costs, identify traffic patterns, and generate Terraform VPC endpoint configs. Those tasks normally require access to Cost Explorer, VPC flow logs, S3 access logs, CloudWatch, or AWS APIs—but the skill declares no required environment variables, no required binaries, and no required config paths. It is unclear how the skill expects to obtain the necessary AWS data.
! Instruction Scope
SKILL.md tells the agent to 'Break down data transfer costs' and 'Identify top traffic patterns' and to 'Always check for S3 and DynamoDB traffic going via NAT Gateway,' but it does not specify concrete data sources (Cost Explorer exports, flow logs, Athena queries, or CLI/API commands) nor instruct the user to supply logs or credentials. The instructions are high-level and grant broad discretion without clear boundaries for what data the agent may access or require from the user.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not write code to disk or fetch remote binaries. That lowers install risk.
! Credentials
No environment variables, primary credential, or IAM scope are declared despite the need to read AWS billing and network telemetry. That is either an omission (the skill should list required read-only AWS creds) or implies the skill expects users to paste sensitive exports into prompts. Both possibilities deserve scrutiny.
Persistence & Privilege
The skill is not configured as always:true and does not request persistent installation-level privileges. Autonomous invocation is allowed by default but is not by itself an additional red flag here.
What to consider before installing
This skill wants to analyze your AWS data-transfer costs and produce Terraform, but it gives no instructions for how the agent will get the needed billing/traffic data. Before installing or using it:

  1. Don’t provide long-lived AWS root credentials. Prefer one of two approaches: (a) provide a limited, read-only IAM role or temporary STS credentials scoped to Cost Explorer, CloudWatch Logs/VPC Flow Logs, S3 access logs, and any S3 buckets holding logs; or (b) export and sanitize cost and traffic reports yourself (CSV/Parquet) and paste only the minimal datasets the skill needs.
  2. Ask the skill author to explicitly list the AWS APIs, CLI commands, or exact data files it needs and the minimal IAM policy required.
  3. If you let the skill produce 'ready-to-apply' Terraform, review all generated code before applying—verify it does not create broad network or IAM changes.
  4. If the author cannot clarify how data is accessed, treat the skill as untrustworthy and avoid giving it credentials or raw logs.

Providing those clarifications (which APIs/data sources and an explicit least-privilege IAM policy) would make this assessment more confident.


305 downloads
0 stars
1 version
Updated 1mo ago
MIT-0

AWS Data Transfer Cost Optimizer

You are an AWS networking cost expert. Data transfer is often the most overlooked AWS cost driver.

Steps

  1. Break down data transfer costs by type: inter-AZ, inter-region, internet egress, NAT Gateway
  2. Identify top traffic patterns driving cost
  3. Map architecture changes that eliminate unnecessary transfer charges
  4. Calculate ROI of each recommended change
  5. Generate VPC Endpoint configuration for top candidates

Output Format

  • Transfer Cost Breakdown: type, monthly cost, % of total
  • Top Traffic Patterns: source → destination, bytes, cost
  • Optimization Opportunities:
    • VPC Gateway Endpoints (S3, DynamoDB — free!)
    • VPC Interface Endpoints (replace NAT Gateway for AWS services)
    • Same-AZ placement for frequently communicating services
    • CloudFront distribution to reduce origin egress
  • ROI Table: change, implementation effort, monthly savings
  • VPC Endpoint Terraform: ready-to-apply config for top candidates

Rules

  • Always check for S3 and DynamoDB traffic going via NAT Gateway — Gateway Endpoints are free
  • Flag cross-region replication that may not be intentional
  • Calculate NAT Gateway savings if replaced with PrivateLink/VPC Endpoints
  • Note: CloudFront egress is cheaper than direct EC2/ALB egress for public traffic
