Watadot Aws Cloudwatch
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: watadot-aws-cloudwatch Version: 1.0.0 The skill bundle provides standard AWS CLI commands for CloudWatch observability, including log tailing, metric extraction, and alarm management. All commands in SKILL.md are legitimate administrative actions, and there is no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with a broad AWS profile, the agent could view CloudWatch logs, alarms, metrics, and dashboard names available to that identity.
The skill uses the AWS CLI to access CloudWatch logs and metrics, which will operate under the user's configured AWS identity. This is purpose-aligned, but the artifacts do not specify a profile, account, region, or least-privilege role.
requires:\n anyBins: [aws]\n...\naws logs tail /aws/lambda/<function-name> --follow\n...\naws logs filter-log-events --log-group-name <name> --filter-pattern "ERROR"
Use an explicit read-only AWS profile or role limited to the intended account, region, and log groups; add `--profile` and `--region` when running commands.
A log-tail session could continue showing new CloudWatch log entries while it remains active.
The skill documents a raw AWS CLI log-tail command. This is central to the stated log monitoring purpose, but `--follow` will keep streaming until stopped.
aws logs tail /aws/lambda/<function-name> --follow
Run tailing only for the intended log group and stop the command once troubleshooting is complete.