ClawHub

Terraform Module Linter

v1.0.0

Lint Terraform modules and configurations (.tf files) for structure, naming, security, and best practices. 24 rules across structure, naming, security, and b...

0· 53·0 current·0 all-time
by@charlie-morrison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Terraform module linter) matches what is included: an instruction document showing how to run the included Python script and a Python linter implementation. No unrelated binaries, env vars, or external services are required.
Instruction Scope
SKILL.md instructs running the bundled script against a user-provided path (file or directory). The script (as shown) reads only .tf files from the specified path, parses HCL-ish blocks with regex, and emits findings; it does not instruct reading arbitrary system config, credentials, or contacting remote endpoints.
Install Mechanism
No install specification is present — this is instruction-only plus a bundled Python script. Nothing is downloaded or written to disk by an installer. Risk from install mechanism is low.
Credentials
The skill requires no environment variables, credentials, or config paths. The code does not reference env vars or external credentials in the provided portion.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It is user-invocable and can be run by the agent, which is expected for skills. No evidence it modifies other skills or system-wide settings.
Assessment
This skill appears coherent and limited to linting .tf files. Before using it: (1) Review the full script if you need to be 100% certain there is no network I/O in the truncated portion (the visible code performs only local file reads and regex parsing). (2) Expect the internal HCL parser to be simplistic — it may produce false positives or miss complex HCL constructs; test on non-production modules first. (3) The linter will read any files you point it at, so avoid running it on directories containing secrets unless you are comfortable exposing those file contents to the agent's outputs. If you want extra assurance, run the script locally in an isolated environment before granting the agent permission to invoke it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972w6en5kbqgdcxyzeda2gq0x84vfjr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments