Infrastructure
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only infrastructure guide, but its user-run examples can change cloud resources, use cloud credentials, and set up scheduled backups.
This skill appears safe to install as an instruction-only guide. Before using its commands, verify cloud account, region, resource size, firewall exposure, backup destination, encryption, and retention settings, and use least-privilege credentials.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the generated examples can create billable cloud infrastructure or change network access rules.
The skill documents provider CLI commands that create servers and modify firewall/security-group settings; this is central to its purpose but can affect cost and exposure if run without review.
hcloud server create --name myapp --type cx22 --image ubuntu-24.04 ...; aws ec2 run-instances ...; aws ec2 authorize-security-group-ingress ... --cidr 0.0.0.0/0
Review every command before running it, test in a non-production account when possible, and confirm regions, instance sizes, firewall rules, and costs.
Cloud credentials used with these commands may have authority to create, modify, or delete account resources.
The skill expects cloud credentials for user-run commands, while explicitly saying it does not store or log credential values.
- User sets credentials in their environment
- Skill never stores or logs credential values
- Commands reference env vars: `$HCLOUD_TOKEN`, `$AWS_ACCESS_KEY_ID`
Use least-privilege provider credentials, avoid pasting secret values into chat, and rotate credentials if they are exposed.
Database backups may contain private user or business data and could be exposed if the destination bucket or credentials are misconfigured.
The backup guidance moves database dumps to external cloud storage, which is expected for backups but may include sensitive application data.
pg_dump -Fc $DATABASE_URL > /tmp/backup_$TIMESTAMP.dump
aws s3 cp /tmp/backup_$TIMESTAMP.dump $BUCKET/
Use private buckets, encryption, scoped credentials, retention policies, and restore tests before relying on this backup pattern.
If installed, the backup job will continue running on schedule and may upload or prune backups according to the script.
The documentation includes a cron entry for a recurring backup job; it is disclosed and user-installed, but it creates ongoing automation.
0 3 * * * /opt/scripts/backup-db.sh >> /var/log/backup.log 2>&1
Only add the cron job after reviewing the script, confirming backup destinations and retention, and setting up monitoring for failures.
