Terraform Plan Reviewer

Pass

Audited by ClawScan on May 3, 2026.

Overview

This instruction-only skill is coherent for reviewing Terraform plans, with the main cautions that users may paste sensitive plan/state data and may rely on its advice for real infrastructure apply decisions.

This appears safe to install as an instruction-only Terraform plan review helper. Before using it, remember that plan and state files can contain secrets and infrastructure details, and do not let its approval recommendation replace human review for production, destructive, or security-sensitive changes.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive Terraform state or plan details could be exposed to the agent conversation if pasted unredacted.

Why it was flagged

The skill may process Terraform plan and state content. Those artifacts can include secrets, infrastructure identifiers, and account details, which is expected for this review task but sensitive.

Skill content

Here's the plan and the previous state file — flag any IAM widening

Recommendation

Prefer JSON plans with sensitive values redacted, avoid sharing full state unless necessary, and remove tokens, passwords, account IDs, or private endpoints when possible.

What this means

A mistaken approval or block recommendation could delay a deployment or contribute to an unsafe Terraform apply if treated as authoritative.

Why it was flagged

The skill is intended to influence infrastructure deployment decisions. This is purpose-aligned, but an incorrect review could affect production applies if users rely on it without human validation.

Skill content

Invoke this skill before any non-trivial `terraform apply`, in CI as a gate on PRs

Recommendation

Use the output as a review aid, keep human approval for production or destructive changes, and verify cited plan lines before applying.