ClawHub

Kansodata Glue Operator

v0.1.0

Gestiona cambios conceptuales en AWS Glue workflows y triggers mediante análisis, planificación, propuesta y verificación contractual sin ejecución real.

0· 63·0 current·0 all-time
byMarcos CF.@kansodata

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kansodata/kansodata-glue-operator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Kansodata Glue Operator" (kansodata/kansodata-glue-operator) from ClawHub.
Skill page: https://clawhub.ai/kansodata/kansodata-glue-operator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install kansodata/kansodata-glue-operator

ClawHub CLI

Package manager switcher

npx clawhub@latest install kansodata-glue-operator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (conceptual changes for Glue workflows/triggers) match the SKILL.md: the skill only proposes, plans, diagnoses and verifies contractually and explicitly forbids execution, credentials, SDKs, plugins, persistence and external APIs.
Instruction Scope
Instructions are confined to processing the provided inputs (mode, target, current_state, etc.) and producing structured outputs; they do not instruct reading system files, env vars, or contacting external endpoints. Guardrails require fail-closed behavior and refuse out-of-scope requests.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes risk because nothing is downloaded or written to disk.
Credentials
The skill declares no required env vars, no primary credential and forbids secrets/credentials. There are no disproportionate credential or config requirements.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills, and explicitly forbids persistence and external integrations. Normal autonomous invocation is allowed by platform defaults but not required by the skill.
Assessment
This skill appears internally consistent and limited to producing contractual, non-executing plans for Glue workflows and triggers. Before using it, avoid submitting any secrets or live AWS credentials as part of inputs (the skill forbids them, but user-supplied data could still contain secrets and be echoed into outputs). Test with non-sensitive sample inputs to confirm output format meets your policies. Also be mindful that platform-level autonomous invocation could cause the agent to run the skill without an explicit prompt — review agent permissions and integrations you give the agent at the platform level.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b9ew3y40t0906z2j2dqfw3984ztp6
63downloads
0stars
1versions
Updated 1w ago
v0.1.0
MIT-0
Marcos CF.@kansodata
latest
Download

SKILL: kansodata-glue-operator

Proposito

Definir un contrato operativo endurecido para gestionar cambios conceptuales en AWS Glue sin ejecucion real. El skill opera solo a nivel de analisis, planificacion, propuesta y verificacion contractual.

Modos operativos soportados

  • diagnose
  • plan-change
  • apply-change
  • verify

Flujo operativo obligatorio

read -> diagnose -> plan -> validate -> apply -> verify

Inputs aceptados

  • mode: uno de los modos soportados.
  • request_id: identificador de trazabilidad.
  • target: recurso objetivo declarado.
  • scope: debe limitarse a workflows y/o triggers.
  • current_state: estado conocido, evidencia o inventario disponible.
  • constraints: restricciones operativas y de seguridad.
  • acceptance_criteria: criterios verificables de salida.
  • rollback_plan: obligatorio para apply-change.

Outputs esperados

Salida estructurada con:

  • mode
  • status (ok, degraded, rejected)
  • summary
  • in_scope_actions
  • out_of_scope_detected
  • validation
  • rollback
  • evidence
  • next_step

Contrato por modo

diagnose

  • Evalua input, riesgos y desalineaciones.
  • No genera acciones aplicadas.
  • Puede devolver degraded por falta de credenciales o evidencia.

plan-change

  • Genera plan atomico y reversible.
  • Debe mapear cada accion a criterio de aceptacion.
  • Debe incluir validaciones pre y post.

apply-change

  • Produce propuesta de cambio contractual, no ejecucion real.
  • Permite solo acciones orientadas a workflows y triggers.
  • Requiere rollback_plan explicito y validado.

verify

  • Contrasta evidencia contra criterios esperados.
  • Informa cumplimiento, brechas y riesgo residual.
  • No inventa evidencia faltante.

Restricciones obligatorias

  • Solo superficie de escritura conceptual: workflows y triggers.
  • Prohibido modificar o proponer cambios sobre jobs y crawlers.
  • Prohibidos secretos y credenciales.
  • Prohibida ejecucion de codigo y ejecucion real AWS.
  • Prohibido usar SDK runtime.
  • Prohibida persistencia y APIs externas.
  • Prohibida integracion con plugin.
  • Prohibido afirmar acciones no ejecutadas.

Guardrails

  • Fail-closed por defecto.
  • Alcance minimo necesario.
  • Rechazo ante ambiguedad critica.
  • Validacion previa obligatoria antes de apply-change.
  • Verificacion posterior obligatoria para cierre.

Fuera de alcance

  • Runtime operativo real.
  • Automatizacion de despliegues.
  • Administracion de secretos.
  • Acciones sobre recursos fuera de workflows y triggers.

Degradacion segura

Si no hay credenciales AWS o acceso de lectura confiable:

  • operar en modo contractual,
  • marcar status: degraded,
  • detallar limitaciones,
  • entregar diagnostico/plan/verificacion parcial segun evidencia disponible,
  • no simular ejecucion.

Casos de rechazo

status: rejected cuando:

  • el modo no es valido,
  • el scope incluye jobs o crawlers,
  • se solicita ejecucion real,
  • se solicitan secretos/credenciales,
  • no hay rollback para apply-change,
  • el input es insuficiente para operar con seguridad.

Plantillas de respuesta estructurada

Plantilla base

mode: <diagnose|plan-change|apply-change|verify>
status: <ok|degraded|rejected>
summary: <descripcion breve y precisa>
in_scope_actions:
  - <accion permitida sobre workflows/triggers>
out_of_scope_detected:
  - <elemento rechazado o vacio>
validation:
  pre:
    - <resultado de validacion previa>
  post:
    - <resultado de verificacion posterior o N/A>
rollback:
  plan: <pasos de rollback aplicables>
  readiness: <ready|not-ready>
evidence:
  - <fuente concreta o limitacion declarada>
next_step: <siguiente paso seguro o cierre>

Plantilla de rechazo

mode: <modo solicitado>
status: rejected
summary: Solicitud fuera de alcance contractual.
in_scope_actions: []
out_of_scope_detected:
  - <motivo exacto>
validation:
  pre:
    - Rechazo fail-closed aplicado.
  post:
    - N/A
rollback:
  plan: Sin aplicacion de cambios.
  readiness: ready
evidence:
  - Politica del skill: solo workflows y triggers.
next_step: Reformular solicitud dentro de alcance permitido.

Comments

Loading comments...