ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AWS | Amazon Web Services

v1.0.2

Architect, deploy, and optimize AWS infrastructure avoiding cost explosions and security pitfalls.

2· 2.4k·21 current·21 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (AWS guidance, cost/security/deploy) matches the declared needs: the aws CLI binary and guidance-heavy SKILL.md. Commands and files relate to AWS architecture, costs, security, and IaC — appropriate for the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to run many aws CLI commands (sts, describe-*, create-*, put-*) and to read/write a local memory directory at ~/aws. This is consistent with an assistive AWS skill, but the instructions include commands that create resources (VPC endpoints, IAM users/roles, budgets) and change account state — so the agent (or a user following the guidance) could perform impactful operations. The skill implicitly accesses AWS credentials via the CLI config or environment variables.
Install Mechanism
Install spec is a single Homebrew formula (awscli) that produces the aws binary — a reasonable, low-risk install for macOS/Linux Homebrew users. Minor inconsistency: the skill declares support for win32 but only provides a brew install; Windows install steps are not provided.
Credentials
The skill declares no required env vars, which is reasonable because it relies on the aws CLI. However, runtime instructions will use AWS credentials from the environment or ~/.aws/ config and may read/write ~/aws/memory.md. This is proportional to the purpose but means the skill can access whatever permissions the configured AWS profile has — including highly privileged operations if credentials are admin-level.
Persistence & Privilege
The skill stores memory under ~/aws/ (memory.md, resources.md, costs.md) and may persist account context locally. always:false (not force-installed). Autonomous invocation is allowed (platform default). Writing to a user-owned ~/aws directory is expected, but users should be aware that account context and resource inventory will be stored on disk.
Assessment
This skill is coherent for AWS guidance but be cautious: it runs aws CLI commands and will use whatever AWS credentials are available in your environment or ~/.aws/config. Before using it, (1) ensure the CLI is configured with a low-privilege/read-only profile for exploration; (2) review any suggested commands before running them — examples include resource-creating commands (IAM users, VPC endpoints, budgets) that can change billing or security posture; (3) be aware the skill will write files to ~/aws/ containing account/context notes; (4) on Windows you may need a different install method (brew is provided only); and (5) if you plan to let an autonomous agent run commands, limit its AWS permissions with least-privilege roles and use separate billing/ sandbox accounts to avoid accidental costs or privilege escalation.

Like a lobster shell, security has layers — review code before you run it.

latestvk9732hsr802atn69dsg4xse87581t5b8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
OSLinux · macOS · Windows
Binsaws

Install

Install AWS CLI (Homebrew)
Bins: aws
brew install awscli

Comments