Watadot Aws Iam
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with a privileged AWS profile, the agent may view broad IAM inventory information for the account.
The skill documents AWS CLI commands that can enumerate IAM users and access-key metadata across an AWS account. This is aligned with IAM auditing, but users should understand the account-wide scope before running it.
aws iam list-users --query "Users[].{User:UserName,Arn:Arn,Date:CreateDate}" --output table
Run these commands only against the intended AWS account/profile and prefer least-privilege read-only IAM permissions for audit tasks.
Using this command with a powerful role could give the agent temporary access to sensitive AWS resources.
The skill includes a role-assumption command that can obtain temporary AWS credentials for whatever role ARN is provided. This is expected for IAM role workflows, but it is high-impact account delegation.
aws sts assume-role --role-arn <role-arn> --role-session-name "OpenClawSession"
Only assume roles you intend to use, verify the active AWS account and role permissions, and avoid pasting or exposing temporary credentials in chat or logs.
