AWS Infra
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only AWS helper is transparent and purpose-aligned, but it relies on your local AWS profile and can guide AWS CLI changes, so use a least-privileged profile and confirm commands carefully.
Before installing or invoking this skill, configure a dedicated least-privileged AWS profile, specify the intended profile and region, verify the account identity, and do not confirm any write or destructive AWS CLI command until you have reviewed the exact command and target resources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may query AWS resources using whatever permissions are available in the selected local AWS profile.
The skill intentionally uses the local AWS CLI profile/configuration, which can grant access to sensitive AWS account resources. This is disclosed and purpose-aligned, but users should notice the privilege boundary.
Otherwise use `AWS_PROFILE` / `AWS_REGION` if set, then fall back to `~/.aws/config`.
Use a dedicated least-privileged or read-only AWS profile where possible, specify the intended profile and region, and verify the identity with sts get-caller-identity before relying on results.
If a user confirms a write command, the assistant could help change, scale, delete, or modify AWS resources according to the local profile’s permissions.
The skill can guide AWS CLI operations that mutate cloud resources, but it explicitly requires confirmation and prefers dry-run/planning before such actions.
Only propose or run write/destructive actions after explicit user confirmation.
Review every proposed command, region, account, and resource identifier before confirming; prefer dry-run options and limited-permission roles.
Users relying only on metadata may not realize the skill expects local AWS CLI configuration and AWS account access.
The registry metadata does not declare the AWS CLI or AWS profile/environment usage described in SKILL.md. This is an under-declared setup/credential contract, not hidden code execution.
Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Treat AWS CLI and AWS profile access as prerequisites even though they are not declared in metadata, and configure a constrained profile before use.