ClawHub

terraform

v2.53.0

Terraform and OpenTofu configuration, modules, testing, state management, and HCL review. Use when working with Terraform, OpenTofu, HCL, tfvars, tftest, sta...

0· 18·0 current·0 all-time
byIlia Alshanetsky@iliaal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: guidance for Terraform/OpenTofu, testing, state management, and HCL patterns. The skill declares no binaries, env vars, or installs, which is reasonable for a documentation-style skill.
Instruction Scope
SKILL.md is a comprehensive set of recommendations and example commands (terraform fmt/validate/test/apply/import, tflint, trivy, checkov, terratest, mock_provider, etc.). This is appropriate for an operational guide, but it implicitly assumes the agent/environment has those tools and cloud credentials available. Some commands referenced (apply, import, force-unlock, apply -replace) can perform destructive changes if executed against live infra — the skill itself only documents them, but they could lead to risk if run automatically.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The examples reference cloud-authenticated operations (assume_role, OIDC, remote backends) sensibly, but do not demand any secrets from the platform.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent or escalated privileges and does not modify other skills or system-wide settings.
Assessment
This is a documentation-style Terraform/OpenTofu guidance skill and appears internally consistent. Before using it, be aware that many example commands require Terraform and tooling (tflint, trivy, checkov, etc.) and cloud credentials to actually run; those commands (terraform apply, import, force-unlock, replace) can change or destroy real infrastructure. If you let an agent invoke this skill autonomously, ensure the agent does not have IAM/cloud credentials with destructive permissions, or require manual approval before running any apply/import/force-unlock operations. If you need the skill only for linting or review, keep it read-only and avoid granting it execution rights against live environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk9705xwaazzf007n2ayqkcs7d984dhsq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments