Networking Optimizer

Identify and reduce GCP networking and egress costs across projects and regions

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Anmol Nagpal (@anmolnagpal)
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match the runtime instructions: the skill asks for billing exports, VPC/NAT configs and gives analysis steps relevant to GCP networking/egress cost reduction. Nothing requested (no env vars, no binaries, no installs) is unrelated to the stated purpose.
Instruction Scope
SKILL.md is explicit that the skill is instruction-only and will not access GCP accounts directly; it provides concrete BigQuery and gcloud commands for the user to run and requests only exported/read-only outputs. It also includes a rule to never request credentials and to confirm pasted data contains no secrets.
Install Mechanism
No install spec or code files are present; nothing is downloaded or written to disk. This minimizes risk and aligns with the instruction-only design.
Credentials
The skill declares no required environment variables, credentials, or config paths. The requested inputs are exported data/CLI output and a minimal set of read-only IAM roles (documented) that are appropriate for running the suggested queries.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify agent/system settings. It is user-invocable and allowed to be called autonomously (platform default), which is reasonable for an analysis skill with no extra privileges.
Assessment
This skill appears coherent and instruction-only, but before sharing data: (1) run the provided commands yourself in a least-privileged account and review outputs, (2) redact any account IDs, IAM emails, API keys, or other secrets from pasted text, (3) verify billing and network data contains no sensitive project identifiers you don't want shared, and (4) if you prefer, provide summarized metrics (cost totals by category/region) instead of raw exports. If the skill later asks for credentials, an endpoint, or an install, treat that as a red flag and stop.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

SKILL.md

GCP Networking & Egress Cost Optimizer

You are a GCP networking cost expert. GCP egress charges are complex and commonly misunderstood.

This skill is instruction-only. It does not execute any GCP CLI commands or access your GCP account directly. You provide the data; Claude analyzes it.

Required Inputs

Ask the user to provide one or more of the following (the more provided, the better the analysis):

  1. GCP Billing export filtered to networking — egress and network costs
    bq query --use_legacy_sql=false \
      'SELECT service.description, sku.description, SUM(cost) as total FROM `project.dataset.gcp_billing_export_v1_*` WHERE DATE(usage_start_time) >= "2025-03-01" AND (LOWER(service.description) LIKE "%network%" OR LOWER(sku.description) LIKE "%egress%") GROUP BY 1, 2 ORDER BY 3 DESC'
    
  2. VPC network and subnet configuration — to assess Private Google Access
    gcloud compute networks list --format json
    gcloud compute networks subnets list --format json
    
  3. Cloud NAT configuration — to understand current egress routing
    gcloud compute routers list --format json
    

Minimum required GCP IAM permissions to run the CLI commands above (read-only):

{
  "roles": ["roles/compute.networkViewer", "roles/billing.viewer", "roles/bigquery.jobUser"],
  "note": "compute.networks.list and compute.subnetworks.list included in roles/compute.networkViewer"
}

If the user cannot provide any data, ask them to describe: which regions their services run in, their approximate monthly networking charges, and whether Private Google Access is enabled on their subnets.

Steps

  1. Break down egress costs: inter-region, internet, Cloud Interconnect vs public
  2. Identify top traffic patterns by source project and destination
  3. Map Private Google Access enablement opportunities
  4. Assess Cloud CDN / Cloud Armor offload potential
  5. Calculate Cloud Interconnect vs VPN ROI for on-prem traffic

Output Format

  • Egress Cost Breakdown: type, monthly cost, % of total
  • Top Traffic Patterns: source → destination, estimated cost
  • Optimization Opportunities:
    • Private Google Access for Compute Engine → Google APIs (eliminates NAT costs)
    • VPC Service Controls for data exfiltration prevention
    • Cloud CDN for GCS + Load Balancer (reduces origin egress)
    • Cloud Interconnect break-even analysis vs VPN + public internet
  • ROI Table: change, effort, monthly savings
  • Terraform Snippet: VPC Private Google Access configuration

Rules

  • Private Google Access is free and eliminates NAT Gateway costs for GCP API calls — always recommend
  • Note: GCP charges for inter-region egress but NOT for intra-region (unlike AWS cross-AZ)
  • Cloud CDN egress from PoPs is cheaper than direct GCS egress
  • Interconnect makes sense at > $500/mo of egress to on-premises
  • Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
  • If user pastes raw data, confirm no credentials are included before processing
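
The last two rules require that pasted data carry no credentials, and the assessment above suggests redacting project identifiers and IAM emails before sharing. A pre-share check along those lines, as an added example that is not part of the skill or its SKILL.md; the regexes are heuristics, and the sample JSON, project name and function names are assumptions made for illustration:

```python
import hashlib
import hmac
import re

# Heuristic patterns (assumptions, not exhaustive) for material that must never be pasted.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
    "oauth_access_token": re.compile(r"\bya29\.[0-9A-Za-z_\-]+"),
}
# Identifiers that are not secrets but that the assessment suggests redacting.
SA_EMAIL = re.compile(r"[a-z0-9\-]+@[a-z0-9.\-]+\.gserviceaccount\.com")
PROJECT_IN_PATH = re.compile(r"(projects/)([a-z][a-z0-9\-]{4,28}[a-z0-9])")

# Constructed sample shaped like one entry of
# `gcloud compute networks subnets list --format json`.
SAMPLE = """[{
  "name": "app-subnet",
  "privateIpGoogleAccess": false,
  "region": "https://www.googleapis.com/compute/v1/projects/acme-prod-1234/regions/us-central1",
  "selfLink": "https://www.googleapis.com/compute/v1/projects/acme-prod-1234/regions/us-central1/subnetworks/app-subnet"
}]"""


def pseudonym(kind, value, key):
    """Keyed placeholder: stable for one key, not guessable by hashing candidate names."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:10]
    return f"<{kind}-{tag}>"


def find_secrets(text):
    """Names of secret patterns present in text; any hit means the paste must not be shared."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))


def sanitize(text, key):
    """Refuse input containing secrets, then replace identifiers with keyed placeholders."""
    hits = find_secrets(text)
    if hits:
        raise ValueError(f"secret material found, do not share: {hits}")
    text = SA_EMAIL.sub(lambda m: pseudonym("sa", m.group(0), key), text)
    return PROJECT_IN_PATH.sub(lambda m: m.group(1) + pseudonym("project", m.group(2), key), text)


if __name__ == "__main__":
    import secrets
    print(sanitize(SAMPLE, secrets.token_bytes(32)))  # key stays local, never shared
```

Reusing one local key across the subnet, router and billing outputs keeps the placeholders consistent, so traffic patterns between projects stay readable after redaction.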
