Awscli
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: awscli
Version: 0.1.2
The skill is benign. It securely manages AWS Lightsail instances by using `execFile` with arguments passed as an array, preventing shell injection. User-provided instance names are strictly validated against an `ALLOWED_INSTANCES` environment variable, and the `SKILL.md` explicitly instructs the AI agent 'Do NOT generate AWS CLI commands,' mitigating prompt injection risks. There is no evidence of data exfiltration, persistence, or other malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong instance, the skill could cause downtime or restart a service.
The skill can invoke AWS CLI lifecycle operations such as stop, start, and reboot. This matches the stated purpose and is scoped by action handling and instance validation, but these operations can interrupt cloud services.
case "stop":
await runAws([
"lightsail",
"stop-instance",
Use a least-privilege IAM role, set ALLOWED_INSTANCES narrowly, and require explicit user approval before start/stop/reboot actions in the surrounding agent workflow.
The skill's real authority depends on the AWS credential profile available on the host, which may have broader permissions than needed.
The skill depends on the user's configured AWS identity. This is expected for AWS management, but the effective permissions are whatever the local AWS CLI credentials allow.
- AWS credentials configured (IAM user or role)
Use a dedicated IAM user or role limited to the required Lightsail actions and intended region/instances.
Users may not realize from the registry metadata alone that the skill needs AWS CLI configuration and AWS account access.
Registry metadata under-declares requirements that SKILL.md and the code rely on, including the AWS CLI, AWS_REGION, ALLOWED_INSTANCES, and AWS credentials. This is a disclosure/setup gap rather than hidden behavior.
Required binaries (all must exist): none; Required env vars: none; Primary credential: none
Before installing, confirm the host has AWS CLI configured intentionally and set AWS_REGION and ALLOWED_INSTANCES explicitly.
