Watadot Aws Iam
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: watadot-aws-iam
Version: 1.0.0
The skill bundle contains standard AWS CLI commands for IAM auditing and management, such as listing users, checking access key ages, and assuming roles. The instructions in SKILL.md align with security best practices and do not exhibit any signs of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with a privileged AWS profile, the agent may view broad IAM inventory information for the account.
The skill documents AWS CLI commands that can enumerate IAM users and access-key metadata across an AWS account. This is aligned with IAM auditing, but users should understand the account-wide scope before running it.
aws iam list-users --query "Users[].{User:UserName,Arn:Arn,Date:CreateDate}" --output table
Run these commands only against the intended AWS account/profile and prefer least-privilege read-only IAM permissions for audit tasks.
Using this command with a powerful role could give the agent temporary access to sensitive AWS resources.
The skill includes a role-assumption command that can obtain temporary AWS credentials for whatever role ARN is provided. This is expected for IAM role workflows, but it is high-impact account delegation.
aws sts assume-role --role-arn <role-arn> --role-session-name "OpenClawSession"
Only assume roles you intend to use, verify the active AWS account and role permissions, and avoid pasting or exposing temporary credentials in chat or logs.
