Terraform Skill
v1.0.0Use when working with Terraform or OpenTofu - creating modules, writing tests (native test framework, Terratest), setting up CI/CD pipelines, reviewing confi...
⭐ 0· 54·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a documentation-only guidance pack for Terraform/OpenTofu (modules, testing, CI/CD, security). The included SKILL.md and reference files contain patterns, CI examples, and test guidance that align with the name/description. There are no unrelated binaries, credentials, or unusual install requirements declared.
Instruction Scope
SKILL.md and the reference files include concrete CI examples, shell snippets, and a cleanup script that invoke tools (terraform, tflint, aws CLI, Infracost, Trivy, Checkov) and show usage of CI secrets. These are expected for a Terraform/CICD skill, but several examples show commands that, if copied/executed without review (e.g., curl | bash installers or an AWS cleanup script that terminates instances), could have destructive side effects. The instructions do not direct the agent to read or exfiltrate unrelated local files or secrets, but they do reference common environment variables and GitHub secrets in examples.
Install Mechanism
No install spec and no code files that will be executed. This is lowest-risk: the skill is instruction-only, so nothing is downloaded or written to disk as part of an automated install by the skill itself.
Credentials
The skill declares no required environment variables or primary credential. The content includes examples that reference AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, INFRACOST_API_KEY, CI secrets and environment variables (expected for CI/CD examples). Because these are example snippets and not required by the skill, the requests are proportionate — still, users should avoid pasting secrets into examples or running CI workflows without using their own secure secrets.
Persistence & Privilege
The skill does not request persistent/system-wide privileges. Flags show always:false and model invocation enabled (normal). There is no evidence the skill would modify other skills or system configuration.
Assessment
This is a documentation-only Terraform/OpenTofu skill and appears coherent with its stated purpose — it does not itself request credentials or install code. Before installing or using it: 1) Verify the skill source (registry metadata lists source as unknown / no homepage); prefer installing from a known GitHub repo or the official marketplace entry. 2) Treat the CI and shell examples as templates: review and adapt them (don’t copy/paste blindly). In particular, inspect any curl | bash installers and cleanup scripts that call the AWS CLI (they can terminate resources). 3) Never paste real secrets into examples; use CI secrets or least-privileged credentials. 4) If you want to run the provided scripts/workflows, run them in isolated test accounts/environments and review the commands first. Overall, the skill is coherent and documentation-focused, but standard caution about executing example scripts applies.Like a lobster shell, security has layers — review code before you run it.
latestvk97fmt6rrgzptfar3x7y2gb0bx83r0p0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.