AWS Infra
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may query AWS resources using whatever permissions are available in the selected local AWS profile.
The skill intentionally uses the local AWS CLI profile/configuration, which can grant access to sensitive AWS account resources. This is disclosed and purpose-aligned, but users should notice the privilege boundary.
Otherwise use `AWS_PROFILE` / `AWS_REGION` if set, then fall back to `~/.aws/config`.
Use a dedicated least-privileged or read-only AWS profile where possible, specify the intended profile and region, and verify the identity with `aws sts get-caller-identity` before relying on results.
If a user confirms a write command, the assistant could help change, scale, delete, or modify AWS resources according to the local profile’s permissions.
The skill can guide AWS CLI operations that mutate cloud resources, but it explicitly requires confirmation and prefers dry-run/planning before such actions.
Only propose or run write/destructive actions after explicit user confirmation.
Review every proposed command, region, account, and resource identifier before confirming; prefer dry-run options and limited-permission roles.
Users relying only on metadata may not realize the skill expects local AWS CLI configuration and AWS account access.
The registry metadata does not declare the AWS CLI or AWS profile/environment usage described in SKILL.md. This is an under-declared setup/credential contract, not hidden code execution.
Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Treat AWS CLI and AWS profile access as prerequisites even though they are not declared in metadata, and configure a constrained profile before use.
