AWS Alert Handler
Pass
Audited by ClawScan on May 6, 2026.
Overview
This is a transparent local AWS alert parser, with review-worthy but disclosed considerations around webhook spoofing, raw alert data, skipped alarms, and the jq dependency.
This skill appears safe and purpose-aligned for local AWS alert normalization. Before production webhook use, install jq, review the skipped CloudWatch alarm patterns, protect the webhook token, use the documented SNS-signature/authentication mitigation, and strip the raw payload before posting alerts to broad or public channels.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the normalized payload is posted to chat or passed to another skill, sensitive details from the original alert may be exposed.
The skill intentionally carries the full original alert into the normalized output, which may include account IDs, resource identifiers, descriptions, or other sensitive alert context.
`raw` — the original payload, preserved ... If alerts may contain sensitive data, strip `raw` before posting anywhere visible.
Keep the raw field for private triage only, strip it before public or broad chat posting, and treat alert text as untrusted data.
A spoofed webhook request could create fake AWS alerts and trigger unnecessary agent activity or downstream triage.
The optional webhook path can route external HTTP payloads into an agent turn, and the documentation discloses that direct SNS signature verification is not performed by OpenClaw.
SNS HTTPS delivery does NOT carry your bearer token by default ... OpenClaw does not verify ... Anyone who knows your webhook URL and token can POST AWS-looking JSON.
Use a high-entropy bearer token, restrict the endpoint, and for production prefer the documented Lambda, reverse-proxy, or EventBridge API destination pattern that verifies or injects authentication.
If one of the skipped alarm-name patterns is meaningful in your environment, a real operational signal could be ignored.
The skill deliberately suppresses downstream handling for known non-incident CloudWatch alarm patterns.
On exit 10, drop the event: do not invoke downstream handling, do not post to chat.
Review the documented noise-filter patterns before production use, and fork or adjust the filter if your organization relies on any of those alarm names.
The skill may fail at runtime on systems without jq even though installation metadata does not warn about it.
The runtime dependency on jq is explicit in the script, while the supplied registry requirements declare no required binaries.
if ! command -v jq >/dev/null 2>&1; then ... jq is required but not installed
Install jq before use, and the publisher should declare jq in the skill requirements.
Users deploying the webhook path must protect the hook token and grant only the AWS permission needed to subscribe the endpoint.
The optional webhook setup requires a shared hook secret and AWS SNS subscription permission, although the local parser scripts themselves do not access credentials.
token: "a-strong-shared-secret" ... You need `sns:Subscribe` on the topic.
Use least-privilege AWS permissions, rotate and store the hook token securely, and avoid embedding real secrets in shared configuration examples.
