ClawHub

Spot Strategy

v1.0.0

Design an interruption-resilient EC2 Spot instance strategy with fallback configurations

0· 282·0 current·0 all-time
byAnmol Nagpal@anmolnagpal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for Spot strategy design and the SKILL.md only requests EC2 inventory, ASG config, and cost data — all are expected inputs for this purpose. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The skill asks users to paste AWS CLI/console output (describe-instances, ASG, cost reports). This is appropriate for analysis but may include sensitive metadata (account IDs, instance IDs, private IPs, tags, AMI IDs). The SKILL.md explicitly forbids asking for credentials and asks to confirm no credentials are included before processing — that's good practice.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md recommends only read-only CLI outputs and provides a minimal read-only IAM policy for those who want to run the commands themselves.
Persistence & Privilege
The skill does not request persistent/always-on presence (always:false) and does not ask to modify other skills or system settings. Model invocation is allowed (default), which is normal for skills and acceptable here.
Assessment
This skill appears coherent and appropriate for designing Spot strategies. Before sharing data: verify any pasted CLI/console output contains no access keys or secrets (the skill requests only read-only outputs), consider redacting tags, account IDs, private IPs, or other identifiers if you are uncomfortable sharing them, and provide the minimum necessary data (a sample of instances or a summary) rather than full dumps when possible. If you prefer, run the AWS CLI locally and paste only the specific JSON blocks the skill requests. The skill’s explicit rule to never ask for credentials is good — don't provide keys or secret values under any circumstances.

Like a lobster shell, security has layers — review code before you run it.

latestvk971rnhbmfjf62wngpjkz5kwt9822qbk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments