AWS | Amazon Web Services
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only AWS helper, but its examples can change AWS resources and privileges, so users should verify the account/profile and approve commands carefully.
Use this as AWS guidance rather than autopilot. Set a least-privilege AWS_PROFILE and region, verify identity with sts before actions, review all mutating or AdministratorAccess commands, and keep secrets out of ~/aws memory files. The provided SKILL.md excerpt is truncated, so review the full file if available.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a mutating AWS command is copied or run without review, it could create charges, alter infrastructure, or change retention/deletion behavior.
The skill documents AWS CLI commands that can alter cloud resources and data lifecycle policies. This is aligned with cost optimization, but running it in the wrong account or bucket could eventually delete data.
aws s3api put-bucket-lifecycle-configuration --bucket my-bucket ... "Expiration": {"Days": 365}Before running AWS create/update/delete/lifecycle commands, verify AWS_PROFILE, region, account ID, target resource names, and prefer Terraform/CloudFormation plans or explicit user approval.
Running this in the wrong account or without MFA/least-privilege controls could create a powerful credential that increases account compromise risk.
The documentation includes a command to create a persistent IAM user with AdministratorAccess. It is visible and relevant to AWS setup, but it is a very broad privilege grant.
aws iam create-user --user-name admin ... aws iam attach-user-policy --user-name admin --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
Prefer IAM Identity Center, roles, MFA, and least-privilege policies; only create administrator users deliberately and after confirming the intended AWS account.
Incorrect or sensitive information in these memory files could influence future AWS advice or expose local details to anyone with filesystem access.
The skill discloses persistent local notes for AWS account context, inventory, and costs. This is purpose-aligned, but future recommendations may rely on whatever is stored there.
Memory lives in `~/aws/` ... memory.md # Account context + preferences ... resources.md # Active infrastructure inventory ... costs.md # Cost tracking + alerts
Keep these files accurate, avoid storing secrets or access keys, and review or delete them when they are no longer needed.