Tagging Auditor

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is coherent for AWS tagging and cost audits, with the main user considerations being account-wide read-only AWS exports and reviewing any generated remediation or policy snippets before use.

Before installing or using this skill, make sure you are comfortable sharing AWS resource tag and cost export data in the session. Do not provide credentials or secret keys. Treat generated SCPs and AWS CLI remediation commands as drafts: review, test, and apply them manually through your normal AWS change process.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user running the example commands may expose broad AWS resource and billing metadata to the analysis session.

Why it was flagged

The skill provides an account-wide read-only IAM policy for users to export AWS resource tagging and cost data. This is purpose-aligned, but it still gives broad visibility into AWS inventory and spend.

Skill content

"Action": ["tag:GetResources", "ce:GetCostAndUsage", "ce:ListCostAllocationTags"], "Resource": "*"

Recommendation

Use a read-only AWS role in the intended account, export only the data needed for the audit, and remove or redact anything unrelated before sharing.

What this means

If applied without review, generated SCPs or tag commands could block resource creation or alter tags in an AWS environment.

Why it was flagged

The skill may generate policy snippets or CLI commands that could affect AWS behavior if a user applies them, although the artifacts frame these as output for user review rather than automatic execution.

Skill content

"SCP Snippet": deny resource creation without required tags (optional) ... "Remediation Plan": prioritized list of resources to tag + AWS CLI tag commands

Recommendation

Review generated policies and commands with an AWS administrator, test in a non-production account, and apply changes manually with normal change controls.