Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pilot Cloud Cost Optimizer Setup

v1.0.0

Deploy a cloud cost optimization pipeline with 4 agents. Use this skill when: 1. User wants to set up a FinOps or cloud cost optimization pipeline 2. User is...

by Calin Teodor @teoslayer
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The name/description match the instructions (deploy 4 agents for FinOps). However, a scanner that 'scans cloud resources' and a reporter that posts to Slack/email normally require cloud provider credentials (AWS/GCP/Azure keys or a cloud IAM setup) and notification/webhook tokens—none are declared or described. That omission is disproportionate to the stated purpose and leaves an important gap.
Instruction Scope
SKILL.md gives a narrow, concrete sequence of steps (install skills via clawhub, set hostname with pilotctl, write a JSON manifest to ~/.pilot/setups, perform handshakes). It does not instruct the agent to read unrelated system files or exfiltrate data. However, it is silent about where or how the scanner/bridges obtain the cloud and Slack/email credentials needed to operate; that missing guidance is meaningful for security and operation.
Install Mechanism
This is instruction-only (no install spec), so nothing is written by the skill itself. The instructions call out external installers (clawhub) to fetch additional 'pilot-*' skills; that is expected for this platform but shifts trust to those packages—users should review what clawhub will install.
! Credentials
The skill declares no required environment variables or config paths, yet the described system clearly needs secrets (cloud provider credentials, Slack webhook or OAuth token, email SMTP credentials, maybe SSH keys). Not declaring or requesting these is a proportionality mismatch and could hide where/how secrets are stored or required.
Persistence & Privilege
always is false and there is no install-time modification of other skills or system-wide configs beyond creating ~/.pilot/setups and using pilotctl. The skill does not request elevated persistence or cross-skill config changes in its instructions.
What to consider before installing
Before installing:
1) Ask the author how the scanner will authenticate to your cloud provider (IAM roles, API keys, where to store them). The SKILL.md does not state required cloud credentials or where to put them.
2) Ask how Slack/email/webhook credentials are provided and stored—reporter->external requires tokens/URLs.
3) Review the 'pilot-*' packages that clawhub will install; they will run on your hosts and may require permissions.
4) Test in a non-production account and verify the optimizer cannot take destructive actions without explicit approval (review how 'approved optimizations' are confirmed).
5) Validate the source of pilotctl and clawhub binaries (package origin, checksums) and confirm the homepage/owner authenticity.
If the vendor cannot explain where secrets live or how actions are authorized, treat the setup as risky.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: pilotctl, clawhub
MIT-0

Cloud Cost Optimizer Setup

Deploy 4 agents that scan, analyze, optimize, and report on cloud spending with zero central server.

Roles

| Role | Hostname | Skills | Purpose |
|------|----------|--------|---------|
| scanner | <prefix>-scanner | pilot-cron, pilot-stream-data, pilot-metrics, pilot-health | Scans cloud resources, collects billing and utilization data |
| analyzer | <prefix>-analyzer | pilot-event-filter, pilot-alert, pilot-metrics | Identifies waste, rightsizing, and spend anomalies |
| optimizer | <prefix>-optimizer | pilot-task-router, pilot-audit-log, pilot-receipt | Executes approved optimizations, logs actions |
| reporter | <prefix>-reporter | pilot-webhook-bridge, pilot-slack-bridge, pilot-announce | Generates cost reports, sends to Slack/email |

Setup Procedure

Step 1: Ask the user which role this agent should play and what prefix to use.

Step 2: Install the skills for the chosen role:

# For scanner:
clawhub install pilot-cron pilot-stream-data pilot-metrics pilot-health
# For analyzer:
clawhub install pilot-event-filter pilot-alert pilot-metrics
# For optimizer:
clawhub install pilot-task-router pilot-audit-log pilot-receipt
# For reporter:
clawhub install pilot-webhook-bridge pilot-slack-bridge pilot-announce

Step 3: Set the hostname and write the manifest:

pilotctl --json set-hostname <prefix>-<role>
mkdir -p ~/.pilot/setups

Then write the role-specific JSON manifest to ~/.pilot/setups/cloud-cost-optimizer.json.

Step 4: Tell the user to initiate handshakes with adjacent agents.

Manifest Templates Per Role

scanner

{
  "setup": "cloud-cost-optimizer", "role": "scanner", "role_name": "Resource Scanner",
  "hostname": "<prefix>-scanner",
  "skills": { "pilot-cron": "Schedule periodic scans.", "pilot-stream-data": "Stream utilization to analyzer.", "pilot-metrics": "Normalize CPU/memory/network metrics.", "pilot-health": "Report scanner readiness." },
  "data_flows": [{ "direction": "send", "peer": "<prefix>-analyzer", "port": 1002, "topic": "resource-scan" }],
  "handshakes_needed": ["<prefix>-analyzer"]
}

analyzer

{
  "setup": "cloud-cost-optimizer", "role": "analyzer", "role_name": "Cost Analyzer",
  "hostname": "<prefix>-analyzer",
  "skills": { "pilot-event-filter": "Filter by cost threshold.", "pilot-alert": "Alert on spend spikes.", "pilot-metrics": "Track cost trends." },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-scanner", "port": 1002, "topic": "resource-scan" },
    { "direction": "send", "peer": "<prefix>-optimizer", "port": 1002, "topic": "cost-recommendation" },
    { "direction": "send", "peer": "<prefix>-reporter", "port": 1002, "topic": "cost-anomaly" }
  ],
  "handshakes_needed": ["<prefix>-scanner", "<prefix>-optimizer", "<prefix>-reporter"]
}

optimizer

{
  "setup": "cloud-cost-optimizer", "role": "optimizer", "role_name": "Optimization Agent",
  "hostname": "<prefix>-optimizer",
  "skills": { "pilot-task-router": "Execute optimization tasks.", "pilot-audit-log": "Log actions for compliance.", "pilot-receipt": "Send receipts to reporter." },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-analyzer", "port": 1002, "topic": "cost-recommendation" },
    { "direction": "send", "peer": "<prefix>-reporter", "port": 1002, "topic": "action-receipt" }
  ],
  "handshakes_needed": ["<prefix>-analyzer", "<prefix>-reporter"]
}

reporter

{
  "setup": "cloud-cost-optimizer", "role": "reporter", "role_name": "Cost Reporter",
  "hostname": "<prefix>-reporter",
  "skills": { "pilot-webhook-bridge": "Send reports to webhooks.", "pilot-slack-bridge": "Post summaries to Slack.", "pilot-announce": "Broadcast weekly savings." },
  "data_flows": [
    { "direction": "receive", "peer": "<prefix>-analyzer", "port": 1002, "topic": "cost-anomaly" },
    { "direction": "receive", "peer": "<prefix>-optimizer", "port": 1002, "topic": "action-receipt" },
    { "direction": "send", "peer": "external", "port": 443, "topic": "cost-report" }
  ],
  "handshakes_needed": ["<prefix>-analyzer", "<prefix>-optimizer"]
}

Data Flows

  • scanner -> analyzer : resource utilization metrics (port 1002)
  • analyzer -> optimizer : optimization recommendations (port 1002)
  • analyzer -> reporter : cost anomaly alerts (port 1002)
  • optimizer -> reporter : action receipts with savings (port 1002)
  • reporter -> external : cost reports via Slack/email (port 443)
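
The four manifests have to agree with each other and with the flow list above before any handshake is run. The following cross-check is an added example, not part of the skill or of pilotctl; it assumes the manifests have been collected into one mapping, and the function names and the "demo" prefix are made up for illustration.

```python
import json

EXTERNAL = "external"  # peer name the reporter manifest uses for off-mesh egress

def audit(manifests):
    """Cross-check {hostname: manifest}; return a sorted list of findings."""
    findings, flows = [], {}
    for host, m in manifests.items():
        peers = set()
        for f in m["data_flows"]:
            if f["peer"] == EXTERNAL:
                findings.append(f"{host}: external egress on port {f['port']} ({f['topic']})")
                continue
            peers.add(f["peer"])
            # Key every flow as sender -> receiver so both ends land in one slot.
            ends = (host, f["peer"]) if f["direction"] == "send" else (f["peer"], host)
            flows.setdefault(ends + (f["port"], f["topic"]), set()).add(f["direction"])
        needed = set(m["handshakes_needed"])
        findings += [f"{host}: data flow with {p} but no handshake listed" for p in peers - needed]
        findings += [f"{host}: handshake with {p} but no data flow" for p in needed - peers]
    for (src, dst, port, topic), sides in flows.items():
        if sides != {"send", "receive"}:
            missing = "receive" if "send" in sides else "send"
            findings.append(f"{src} -> {dst} {topic}:{port} has no matching {missing}")
    return sorted(findings)

def flow(direction, peer, topic, port=1002):
    return {"direction": direction, "peer": peer, "port": port, "topic": topic}

def role(flows, handshakes):
    return {"data_flows": flows, "handshakes_needed": handshakes}

# Constructed input: the page's four templates with the prefix "demo" filled in
# (only the two fields the audit reads).
SC, AN, OP, RE = ("demo-" + r for r in ("scanner", "analyzer", "optimizer", "reporter"))
MANIFESTS = {
    SC: role([flow("send", AN, "resource-scan")], [AN]),
    AN: role([flow("receive", SC, "resource-scan"), flow("send", OP, "cost-recommendation"),
              flow("send", RE, "cost-anomaly")], [SC, OP, RE]),
    OP: role([flow("receive", AN, "cost-recommendation"), flow("send", RE, "action-receipt")], [AN, RE]),
    RE: role([flow("receive", AN, "cost-anomaly"), flow("receive", OP, "action-receipt"),
              flow("send", EXTERNAL, "cost-report", 443)], [AN, OP]),
}

if __name__ == "__main__":
    print(json.dumps(audit(MANIFESTS), indent=2))
```

On the templates as published, the only finding is the reporter's port 443 egress, which is the flow that needs the Slack/email credentials the scan notes are undeclared.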

Handshakes

# Each pair is mutual: run the first command on the first-named agent,
# the second command on the second-named agent.
# scanner <-> analyzer:
pilotctl --json handshake <prefix>-analyzer "setup: cloud-cost-optimizer"
pilotctl --json handshake <prefix>-scanner "setup: cloud-cost-optimizer"
# analyzer <-> optimizer:
pilotctl --json handshake <prefix>-optimizer "setup: cloud-cost-optimizer"
pilotctl --json handshake <prefix>-analyzer "setup: cloud-cost-optimizer"
# analyzer <-> reporter:
pilotctl --json handshake <prefix>-reporter "setup: cloud-cost-optimizer"
pilotctl --json handshake <prefix>-analyzer "setup: cloud-cost-optimizer"
# optimizer <-> reporter:
pilotctl --json handshake <prefix>-reporter "setup: cloud-cost-optimizer"
pilotctl --json handshake <prefix>-optimizer "setup: cloud-cost-optimizer"

Workflow Example

# On scanner -- publish resource scan:
pilotctl --json publish <prefix>-analyzer resource-scan '{"provider":"aws","idle_instances":3,"total_monthly":12450}'

# On analyzer -- publish recommendation:
pilotctl --json publish <prefix>-optimizer cost-recommendation '{"action":"terminate","resource":"i-0a1b2c","savings":342}'

# On optimizer -- publish receipt:
pilotctl --json publish <prefix>-reporter action-receipt '{"action":"terminate","resource":"i-0a1b2c","status":"success"}'

# On reporter -- subscribe to events:
pilotctl --json subscribe cost-anomaly
pilotctl --json subscribe action-receipt
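
The workflow above has the analyzer publish a terminate recommendation directly to the optimizer, and the page does not say how an optimization becomes "approved". One way to make approval checkable on the optimizer, as an added example that is not part of the skill or of pilotctl: an HMAC approval bound to one action, one resource and one expiry. The `approval` field, the function names and the out-of-band shared key are assumptions.

```python
import hashlib, hmac, json, time

def _mac(key, action, resource, expires):
    # Bind the approval to exactly one action on one resource until one deadline.
    msg = json.dumps([action, resource, expires]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def approve(key, action, resource, ttl=900, now=None):
    """Operator side: issue an approval record (hypothetical format)."""
    expires = int(time.time() if now is None else now) + ttl
    return {"expires": expires, "mac": _mac(key, action, resource, expires)}

def gate(key, rec, now=None):
    """Optimizer side: (allowed, reason) for one cost-recommendation payload."""
    action, resource, ap = rec.get("action"), rec.get("resource"), rec.get("approval")
    if not isinstance(action, str) or not isinstance(resource, str):
        return False, "malformed recommendation"
    if not (isinstance(ap, dict) and isinstance(ap.get("expires"), int)
            and isinstance(ap.get("mac"), str)):
        return False, "no approval attached"
    expected = _mac(key, action, resource, ap["expires"])
    # Constant-time comparison; a changed action, resource or expiry changes the MAC.
    if not hmac.compare_digest(ap["mac"].encode(), expected.encode()):
        return False, "approval does not cover this action/resource"
    if ap["expires"] < (time.time() if now is None else now):
        return False, "approval expired"
    return True, "approved"

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-secret"  # assumption: held by operator and optimizer only
    rec = {"action": "terminate", "resource": "i-0a1b2c", "savings": 342}  # payload from the page
    print(gate(key, rec))                       # rejected: nothing attached
    rec["approval"] = approve(key, rec["action"], rec["resource"])
    print(gate(key, rec))                       # accepted
    rec["resource"] = "i-ffffff"                # constructed: approval reused for another resource
    print(gate(key, rec))                       # rejected: MAC no longer matches
```

The key stays off the analyzer, so a compromised or misconfigured analyzer can recommend an action but cannot mint the approval for it.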

Dependencies

Requires pilot-protocol skill, pilotctl binary, clawhub binary, and a running daemon.
