Infrastructure
v1.0.1Design, provision, and connect cloud resources across servers, networks, and services.
⭐ 2· 1k·3 current·3 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the provided content: architecture patterns, provider CLI commands, and backup scripts. The skill is instruction-only and intends the user to run commands. It recommends common provider CLIs (hcloud, aws, doctl, docker) which are reasonable for the stated purpose. Minor documentation/metadata mismatch: registry metadata lists no required binaries/env vars while SKILL.md documents required tools and references environment variables the user must set.
Instruction Scope
SKILL.md and the companion files show only guidance, example CLI invocations, and example scripts (cron entry, backup script) that assume the user provides credentials/environment variables and executes commands locally. There are no hidden endpoints, obfuscated code, or instructions to exfiltrate data. The scripts do reference env vars (e.g., $DATABASE_URL, $HCLOUD_TOKEN, AWS creds) and write outputs to /tmp and suggested cron paths — these are expected for backup/infra tooling but should be reviewed before execution.
Install Mechanism
No install spec or remote downloads are present; all files are documentation and sample scripts. The skill only recommends commonly used community CLIs (brew install hcloud/awscli/doctl) and Docker Desktop — nothing fetched or installed automatically by the skill itself.
Credentials
The skill does not declare required env vars in registry metadata, but its content repeatedly references credentials and connection strings (HCLOUD_TOKEN, AWS_ACCESS_KEY_ID, $DATABASE_URL, etc.). This is consistent with its 'user-driven credentials' model, but users should be aware they must supply appropriate credentials locally. Use least-privilege keys and avoid pasting sensitive tokens into shared/public contexts.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent installation or modify other skills or system-wide settings. It does provide example scripts that a user might install (cron job, /opt/scripts), but these are user actions rather than automatic behavior by the skill.
Assessment
This skill is essentially documentation and examples — not executable code pushed by the skill — so review and adapt everything before running. Specific suggestions: 1) Inspect backup scripts (pg_dump, aws s3 cp and cleanup logic) and replace placeholder bucket names; validate the aws s3 ls parsing/cleanup logic before enabling retention deletion. 2) Use least-privileged IAM credentials and short-lived tokens where possible; never paste long-lived root credentials into chats. 3) Test backup and restore procedures in a safe environment before relying on them. 4) When installing cron jobs or scripts into /opt or /etc, check file permissions and ownership. 5) Verify CLI tool installation and versions from official sources. If you want stronger metadata safety, ask the skill author to declare required env vars and binaries in the registry so automated checks can surface mismatches.Like a lobster shell, security has layers — review code before you run it.
latestvk97day0tbq1kz2c5qnt6v41fa5819khm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🏗️ Clawdis
OSLinux · macOS · Windows