ClawHub

AWS Infra

Chat-based AWS infrastructure assistance using AWS CLI and console context. Use for querying, auditing, and monitoring AWS resources (EC2, S3, IAM, Lambda, ECS/EKS, RDS, CloudWatch, billing, etc.), and for proposing safe changes with explicit confirmation before any write/destructive action.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
3 · 4.2k · 19 current installs · 20 all-time installs
by@bmdhodl
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description describe an AWS CLI-based infra helper and the SKILL.md contains appropriate AWS CLI commands and workflows. However, the skill does not declare the 'aws' CLI as a required binary or a primary credential, which is inconsistent with its explicit runtime dependency on the local AWS CLI and the user's AWS credentials/config.
Instruction Scope
Instructions stay within the stated purpose: they instruct the agent to use read-only AWS CLI queries, check identity, consult ~/.aws/config and AWS_PROFILE/AWS_REGION, and require confirmation before destructive actions. There are no instructions to collect or transmit data outside the user's environment or to read unrelated system files.
Install Mechanism
No install spec (instruction-only) — low install risk. There are no downloads or scripts that would write or execute remote code on the host.
Credentials
The skill requests no environment variables or credentials in metadata, but the runtime instructions explicitly rely on AWS credentials (via AWS CLI, AWS_PROFILE, ~/.aws/config). This mismatch is notable: the skill will need access to AWS credentials at runtime, yet none are declared. That creates ambiguity about expected privilege model.
Persistence & Privilege
always:false and no install actions. The skill does not request permanent presence or attempt to modify other skills or system-wide configuration. Autonomous invocation is allowed (platform default) but is not combined here with other red flags.
What to consider before installing
This skill appears to be a normal AWS-CLI helper, but it omits declaring that the 'aws' CLI and access to local AWS credentials are required. Before installing or invoking it: ensure the host has the AWS CLI you expect; be aware the skill will read ~/.aws/config and will run aws commands that use whatever credentials are available (including environment variables or credential files). Only run it in environments where those credentials are safe to use, require explicit confirmation for any write actions, and consider using a least-privilege/profile with read-only permissions for testing. If you need stronger guarantees, ask the publisher to declare 'aws' as a required binary and to document whether the skill needs any specific AWS permissions.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
awsvk97apxxy4mtmp6bpt47yqqzexh801m5finfravk97apxxy4mtmp6bpt47yqqzexh801m5flatestvk97apxxy4mtmp6bpt47yqqzexh801m5f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AWS Infra

Overview

Use the local AWS CLI to answer questions about AWS resources. Default to read‑only queries. Only propose or run write/destructive actions after explicit user confirmation.

Quick Start

  1. Determine profile/region from environment or ~/.aws/config.
  2. Start with identity:
    • aws sts get-caller-identity
  3. Use read‑only service commands to answer the question.
  4. If the user asks for changes, outline the exact command and ask for confirmation before running.

Safety Rules (must follow)

  • Treat all actions as read‑only unless the user explicitly requests a change and confirms it.
  • For any potentially destructive change (delete/terminate/destroy/modify/scale/billing/IAM credentials), require a confirmation step.
  • Prefer --dry-run when available and show the plan before execution.
  • Never reveal or log secrets (access keys, session tokens).

Task Guide (common requests)

  • Inventory / list: use list/describe/get commands.
  • Health / errors: use CloudWatch metrics/logs queries.
  • Security checks: IAM, S3 public access, SG exposure, KMS key usage.
  • Costs: Cost Explorer / billing queries (read‑only).
  • Changes: show exact CLI command and require confirmation.

Region & Profile Handling

  • If the user specifies a region/profile, honor it.
  • Otherwise use AWS_PROFILE / AWS_REGION if set, then fall back to ~/.aws/config.
  • When results are region‑scoped, state the region used.

References

See references/aws-cli-queries.md for common command patterns.

Assets

  • assets/icon.svg — custom icon (dark cloud + terminal prompt)

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…