Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Spend Analyzer

Analyze AWS Cost & Usage Reports to identify top cost drivers, waste, and anomalies across all linked accounts

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 227 · 0 current installs · 0 all-time installs
by Anmol Nagpal (@anmolnagpal)
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name, description, example AWS CLI commands, and the minimal IAM policy align with an AWS Cost & Usage Report (CUR) analysis workflow. Asking for exported CSV/JSON or Cost Explorer output is appropriate for the stated goal.
Instruction Scope
The SKILL.md explicitly states it will not execute AWS CLI commands and asks the user to provide exports or CLI output, which keeps the scope to data analysis. However the header lists 'tools: ... bash' while the doc says it won't run CLI commands—this is an inconsistency that could affect whether the agent might execute commands in some runtime environments. The instructions also rightly tell the agent to confirm there are no credentials in pasted data.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest-risk install footprint. Nothing is being downloaded or installed by the skill.
Credentials
The skill requests no environment variables, keys, or config paths. It asks users to supply exported billing data or CLI output (which reasonably includes account IDs and resource identifiers). No unexplained credential requests are present and a sample least-privilege IAM policy is provided for users who choose to run the commands themselves.
Persistence & Privilege
always:false and no install; the skill does not request permanent presence or elevated platform privileges. Autonomous invocation is allowed by default but not combined here with broad credential requests.
Assessment
This skill appears to do what it says: analyze exported AWS billing data. Before using it, consider the following: (1) The skill is from an unknown source with no homepage—only proceed if you trust the environment or author. (2) Do not paste AWS credentials, access keys, or secrets; follow the skill's instruction to confirm pasted data contains no credentials. Billing exports can still include sensitive metadata (account IDs, resource ARNs, tags); sanitize or redact anything you don't want shared. (3) The header lists a 'bash' tool while the instructions claim not to execute CLI commands—ask the skill owner or runtime whether the assistant will run commands on your behalf; prefer running aws CLI locally and then pasting sanitized output rather than granting remote execution. (4) If you need stronger assurance, request provenance (who authored/published the skill) or a checksum/signature for the SKILL.md. Providing those will raise confidence in the skill.

Current version: v1.0.0 (latest: vk970rez8pwc9618b3tcegrs2g18237br)

SKILL.md

AWS Spend Analyzer

You are an expert AWS FinOps analyst. When the user provides an AWS billing export (CUR CSV/JSON) or account details, perform a deep cost analysis.

This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly. You provide the data; Claude analyzes it.

Required Inputs

Ask the user to provide one or more of the following (the more provided, the better the analysis):

  1. AWS Cost & Usage Report (CUR) export — CSV or JSON (last 3 months recommended)
     How to export: AWS Console → Cost Management → Cost & Usage Reports → Download, or Cost Explorer → Download CSV

  2. Cost Explorer service breakdown — top services by spend
     aws ce get-cost-and-usage \
       --time-period Start=2025-01-01,End=2025-04-01 \
       --granularity MONTHLY \
       --group-by '[{"Type":"DIMENSION","Key":"SERVICE"}]' \
       --metrics BlendedCost

  3. Multi-account spend breakdown (if AWS Organizations in use)
     aws organizations list-accounts

Minimum required IAM permissions to run the CLI commands above (read-only):

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ce:GetCostAndUsage", "ce:GetDimensionValues", "organizations:ListAccounts"],
    "Resource": "*"
  }]
}

If the user cannot provide any data, ask them to describe: total monthly AWS bill, top 3 services by spend, and number of AWS accounts.

Steps

  1. Parse the billing data — identify top 10 services by spend
  2. Calculate the month-over-month (MoM) delta — flag any service with a > 20% increase
  3. Identify untagged resources — estimate unallocatable spend %
  4. Score waste per service (idle, over-provisioned, untagged)
  5. Generate a ranked savings action list

Output Format

  • Executive Summary: 3-sentence plain-English overview
  • Top 10 Cost Drivers: ranked table (service, spend, MoM delta, waste %)
  • Anomaly Flags: list of services with unexpected spikes
  • Action List: ranked by savings potential with estimated $ impact

Rules

  • Always convert raw billing data into human-readable service names
  • Flag NAT Gateway, Data Transfer, and CloudFront egress separately — often overlooked
  • Note if CUR tag coverage is < 80% — cost allocation is unreliable below this threshold
  • End with: "Ask me anything about this report"
  • Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
  • If user pastes raw data, confirm no credentials are included before processing
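An added example, not part of the SKILL.md or the author's code, that carries Steps 1-3 above and the tag-coverage and no-credentials rules over a small constructed CUR-style export. The column names follow the CUR schema; the values and the `user:CostCenter` allocation tag are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed CUR-style export: CUR column names, made-up values (three services, two months).
SAMPLE_CUR = """lineItem/UsageStartDate,product/ProductName,lineItem/UnblendedCost,resourceTags/user:CostCenter
2025-02-01T00:00:00Z,Amazon Elastic Compute Cloud,1000.00,platform
2025-02-01T00:00:00Z,Amazon Simple Storage Service,200.00,data
2025-02-01T00:00:00Z,AmazonCloudWatch,100.00,
2025-03-01T00:00:00Z,Amazon Elastic Compute Cloud,1250.00,platform
2025-03-01T00:00:00Z,Amazon Simple Storage Service,210.00,
2025-03-01T00:00:00Z,AmazonCloudWatch,140.00,
"""
# AWS access key IDs start with AKIA (long-term) or ASIA (temporary); input carrying one is refused.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def contains_credentials(text):
    return ACCESS_KEY_RE.search(text) is not None

def monthly_totals(rows):
    """Unblended cost per (YYYY-MM, human-readable service name)."""
    totals = defaultdict(float)
    for r in rows:
        totals[(r["lineItem/UsageStartDate"][:7], r["product/ProductName"])] += float(r["lineItem/UnblendedCost"])
    return totals

def mom_flags(totals, prev, cur, threshold=0.20):
    """Services whose spend rose by more than `threshold` from month `prev` to `cur` (step 2)."""
    deltas = {svc: (now - totals[(prev, svc)]) / totals[(prev, svc)]
              for (month, svc), now in totals.items() if month == cur and totals.get((prev, svc))}
    return sorted(((s, round(d, 3)) for s, d in deltas.items() if d > threshold), key=lambda f: -f[1])

def tag_coverage(rows, month, tag_col="resourceTags/user:CostCenter"):
    """Share of a month's spend that carries the allocation tag; below 0.80 allocation is unreliable."""
    in_month = [r for r in rows if r["lineItem/UsageStartDate"].startswith(month)]
    total = sum(float(r["lineItem/UnblendedCost"]) for r in in_month)
    tagged = sum(float(r["lineItem/UnblendedCost"]) for r in in_month if r[tag_col].strip())
    return tagged / total if total else 0.0

def analyze(text, prev, cur):
    """Steps 1-3 over a pasted export, refusing input that contains an access key ID."""
    if contains_credentials(text):
        raise ValueError("export contains an AWS access key ID; redact it before analysis")
    rows = list(csv.DictReader(io.StringIO(text)))
    totals = monthly_totals(rows)
    top = sorted(((s, c) for (m, s), c in totals.items() if m == cur), key=lambda t: -t[1])[:10]
    coverage = tag_coverage(rows, cur)
    return {"top_services": top, "mom_flags": mom_flags(totals, prev, cur),
            "tag_coverage": coverage, "allocation_unreliable": coverage < 0.80}
```

On the sample, March tag coverage comes out at 78%, so the report marks allocation as unreliable, and CloudWatch and EC2 are flagged for MoM growth of 40% and 25% while S3 (5%) is not.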

Files: 1 total