Aws Best Practice Research
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: aws-best-practice-research
Version: 1.0.0
The skill is designed to research AWS best practices and perform live resource audits using the AWS CLI and an MCP server. It is classified as suspicious because it explicitly instructs the agent to perform high-risk operations, such as sourcing user-provided credential files (`source <credential-file-path>`) and executing shell commands via the AWS CLI and jq (`SKILL.md`, `assessment-workflow.md`). While these capabilities are plausibly necessary for the stated purpose of auditing AWS environments, they represent a significant attack surface for arbitrary code execution if the agent is provided with malicious input files. No evidence of intentional malice, data exfiltration, or unauthorized persistence was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live assessment is used, the agent can read configuration details for the AWS resources and related account objects allowed by the provided credentials.
The optional assessment uses AWS credentials or profiles to query live cloud resources. This is expected for the feature, but it grants the agent access to account configuration data.
AWS CLI (`aws`) | Live assessment only (Step 8) | Must be configured with read access to the target service
Use a temporary or dedicated read-only IAM role/profile scoped to the target account, region, and services; avoid broad admin credentials.
The live assessment may reveal infrastructure inventory, settings, tags, events, or subscription metadata in the generated output.
The skill documents use of AWS CLI commands to collect live configuration, including some commands that can enumerate related account metadata. The commands shown are read-only and aligned with assessment.
Collect resource configuration (parallel AWS CLI calls) ... aws elasticache describe-replication-groups ... aws sns list-subscriptions --region {REGION} --output json
Review the AWS CLI commands before running live assessment, especially optional or dynamically derived commands, and keep permissions read-only.
The local report may contain information about cloud topology, encryption, authentication, backups, and other operational settings.
Assessment results are saved to a local markdown report and may include security-relevant AWS configuration details.
Assessment Mode | Target resource provided | `{RESOURCE_ID}-assessment-report.md` ... Resource Summary ... Encryption At Rest ... Authentication
Store generated reports in a protected workspace, avoid committing them to public repositories, and delete or redact them when no longer needed.
The safety and correctness of documentation retrieval depends partly on the separately installed MCP server and its configuration.
Core functionality relies on an external MCP server that is not bundled in the artifact set.
Depends on aws-knowledge-mcp-server availability; if the MCP server is not configured, the skill cannot run.
Install the MCP server only from a trusted source and review its permissions/configuration separately.
