terraform-engineer
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with tools or credentials, the agent could help make infrastructure changes that affect cost, availability, or security.
Terraform state operations and plan/apply workflows can materially affect cloud infrastructure, but these capabilities are central to a Terraform engineering skill and the artifact also mentions approval gates.
"State management: ... State manipulation" and "CI/CD integration: - Pipeline automation - Plan/apply workflows - Approval gates"
Only allow actual Terraform apply/state changes after reviewing the plan, confirming the target workspace/account, and keeping state backups.
Sensitive infrastructure details or secrets could enter the agent context if broad state files or variable files are shared.
Terraform state files and variables can contain sensitive resource attributes or secrets; reviewing them is purpose-aligned but should be scoped and handled carefully.
"Review existing Terraform code, state files, and module structure" and "Secret handling"
Share only the needed Terraform files, redact secrets where possible, and avoid providing state files unless necessary for the task.