terraform-engineer
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: ah-terraform-engineer Version: 1.0.0 The skill bundle defines a standard persona and workflow for a Terraform engineer. The content in SKILL.md consists entirely of instructional text and best practices for infrastructure as code (IaC), such as module development, state management, and security compliance. There are no executable scripts, suspicious network calls, or prompt injection attempts designed to exfiltrate data or bypass security controls.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with tools or credentials, the agent could help make infrastructure changes that affect cost, availability, or security.
Terraform state operations and plan/apply workflows can materially affect cloud infrastructure, but these capabilities are central to a Terraform engineering skill and the artifact also mentions approval gates.
"State management: ... State manipulation" and "CI/CD integration: - Pipeline automation - Plan/apply workflows - Approval gates"
Only allow actual Terraform apply/state changes after reviewing the plan, confirming the target workspace/account, and keeping state backups.
Sensitive infrastructure details or secrets could enter the agent context if broad state files or variable files are shared.
Terraform state files and variables can contain sensitive resource attributes or secrets; reviewing them is purpose-aligned but should be scoped and handled carefully.
"Review existing Terraform code, state files, and module structure" and "Secret handling"
Share only the needed Terraform files, redact secrets where possible, and avoid providing state files unless necessary for the task.