AWS Best Practice Research
Pass
Audited by ClawScan on May 10, 2026.
Overview
This skill looks legitimate, but if you use the optional live check it will read your AWS account configuration and save the results locally.
Safe to consider installing if you need AWS best-practice research. For live assessments, use a least-privileged read-only AWS profile or role, review generated AWS CLI commands, do not provide broad admin or long-lived credentials, and protect the generated report files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live assessment is used, the agent can read configuration details for the AWS resources and related account objects allowed by the provided credentials.
The optional assessment uses AWS credentials or profiles to query live cloud resources. This is expected for the feature, but it grants the agent access to account configuration data.
AWS CLI (`aws`) | Live assessment only (Step 8) | Must be configured with read access to the target service
Use a temporary or dedicated read-only IAM role/profile scoped to the target account, region, and services; avoid broad admin credentials.
The live assessment may reveal infrastructure inventory, settings, tags, events, or subscription metadata in the generated output.
The skill documents use of AWS CLI commands to collect live configuration, including some commands that can enumerate related account metadata. The commands shown are read-only and aligned with assessment.
Collect resource configuration (parallel AWS CLI calls) ... aws elasticache describe-replication-groups ... aws sns list-subscriptions --region {REGION} --output json
Review the AWS CLI commands before running live assessment, especially optional or dynamically derived commands, and keep permissions read-only.
The local report may contain information about cloud topology, encryption, authentication, backups, and other operational settings.
Assessment results are saved to a local markdown report and may include security-relevant AWS configuration details.
Assessment Mode | Target resource provided | `{RESOURCE_ID}-assessment-report.md` ... Resource Summary ... Encryption At Rest ... Authentication
Store generated reports in a protected workspace, avoid committing them to public repositories, and delete or redact them when no longer needed.
The safety and correctness of documentation retrieval depends partly on the separately installed MCP server and its configuration.
Core functionality relies on an external MCP server that is not bundled in the artifact set.
Depends on aws-knowledge-mcp-server availability; if the MCP server is not configured, the skill cannot run.
Install the MCP server only from a trusted source and review its permissions/configuration separately.
