tf-plan-review
Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Terraform plan reviewer, but its safety claims are too strong: it runs Terraform with whatever cloud access the local environment provides, and it writes plan data to a temporary file even though its documentation says it does not cache or write files.
Treat this as a useful but sensitive infrastructure tool. Run it only in trusted Terraform directories, with least-privilege cloud credentials where possible, and be aware that, contrary to the documentation, it can create local Terraform init artifacts (the .terraform directory and lock file) and temporarily store plan JSON on disk.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe that no plan data touches disk, when the script actually writes a temporary local plan JSON file and deletes it afterwards.
This strong privacy/safety claim is contradicted by the script itself, which redirects Terraform's JSON plan output to a temporary file before parsing it. Plan output names resources, their types and the actions planned against them, so the difference between "never cached to disk" and "written then deleted" matters.
"Plan output is analyzed in-memory and never cached to disk"
Update the documentation and metadata to disclose the temporary file and the terraform init writes, or change the implementation to consume the plan stream directly from the Terraform process's stdout without redirecting it to a file.
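One way to implement the second option, as an added example written for this review rather than the skill's own code: read the `terraform plan -json` stream from a pipe and fold it into an in-memory summary, so no plan content is ever redirected to a file. The message shapes (`planned_change`, `change_summary`, `diagnostic`) follow Terraform's machine-readable UI output; the sample lines, the `plan_in_memory` helper and the `destructive_changes` helper are constructed for this example and are not part of the skill.

```python
"""In-memory consumption of `terraform plan -json`, with no temporary file.

Added example for this review, not the skill's own implementation. Message
shapes follow Terraform's machine-readable UI stream (planned_change and
change_summary records); the sample lines below are constructed, not captured.
"""
import json
import subprocess
from typing import Iterable, List


def summarize_plan_stream(lines: Iterable[str]) -> dict:
    """Fold a stream of JSON lines into {resource address: action} plus the
    change summary. Only the current line is held, so nothing touches disk.
    Non-JSON lines are counted rather than raised, so a stray line of plain
    output does not abort the whole review."""
    result = {"changes": {}, "summary": None, "errors": [], "skipped": 0}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            msg = json.loads(raw)
        except json.JSONDecodeError:
            result["skipped"] += 1
            continue
        kind = msg.get("type")
        if kind == "planned_change":
            change = msg.get("change", {})
            addr = change.get("resource", {}).get("addr")
            if addr:
                result["changes"][addr] = change.get("action")
        elif kind == "change_summary":
            result["summary"] = msg.get("changes")
        elif kind == "diagnostic" and msg.get("@level") == "error":
            result["errors"].append(msg.get("@message", ""))
    return result


def destructive_changes(result: dict) -> List[str]:
    """Addresses a reviewer should read first: anything deleted or replaced."""
    return sorted(a for a, act in result["changes"].items() if act in ("delete", "replace"))


def plan_in_memory(tf: str, directory: str) -> dict:
    """Run the plan and parse stdout as it arrives. The binary plan still goes
    to /dev/null as in the skill, but the JSON stream is read from the pipe
    instead of being redirected to a file, and stderr is kept so failures
    surface instead of being discarded. Terraform emits its diagnostics inside
    the JSON stream, so stderr stays small and draining it afterwards is safe."""
    proc = subprocess.Popen(
        [tf, "plan", "-json", "-input=false", "-no-color", "-out=/dev/null"],
        cwd=directory, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True,
    )
    assert proc.stdout is not None
    result = summarize_plan_stream(proc.stdout)  # consumed line by line
    _, stderr = proc.communicate()               # stdout is at EOF; drain stderr
    result["exit_code"] = proc.returncode
    if proc.returncode != 0 and stderr.strip():
        result["errors"].append(stderr.strip())
    return result


# Constructed sample of the plan stream (one JSON document per line).
SAMPLE_STREAM = [
    '{"@level":"info","@message":"Terraform 1.7.0","type":"version","terraform":"1.7.0","ui":"1.2"}',
    '{"@level":"info","@message":"aws_s3_bucket.logs: Plan to create","type":"planned_change",'
    '"change":{"resource":{"addr":"aws_s3_bucket.logs","resource_type":"aws_s3_bucket"},"action":"create"}}',
    '{"@level":"info","@message":"aws_iam_role.deploy: Plan to delete","type":"planned_change",'
    '"change":{"resource":{"addr":"aws_iam_role.deploy","resource_type":"aws_iam_role"},"action":"delete"}}',
    'this line is not JSON and must not abort the review',
    '{"@level":"info","@message":"aws_instance.web: Plan to replace","type":"planned_change",'
    '"change":{"resource":{"addr":"aws_instance.web","resource_type":"aws_instance"},"action":"replace"}}',
    '{"@level":"info","@message":"Plan: 2 to add, 0 to change, 2 to destroy.","type":"change_summary",'
    '"changes":{"add":2,"change":0,"import":0,"remove":2,"operation":"plan"}}',
]

if __name__ == "__main__":
    summary = summarize_plan_stream(SAMPLE_STREAM)
    print(summary["summary"], destructive_changes(summary))
```

Because the parser only ever holds one line, the "never cached to disk" claim would become true of the implementation rather than of the documentation alone; the exit code and stderr are surfaced so that a failed plan is reported instead of silently producing an empty review.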
Running the skill can contact cloud providers, read Terraform state/configuration, and reveal resource names and planned actions in the agent response.
The skill executes Terraform/OpenTofu in the target directory. That is central to plan review, but it gives the agent a powerful local CLI workflow that reads the project's configuration and its state (local or via whatever backend the directory configures).
"$tf" plan -json -input=false -no-color -out=/dev/null 2>/dev/null > "$plan_json_file"
Use it only on Terraform directories you trust, and review the target directory (including any backend configuration and auto-loaded .tfvars files it will pick up) before allowing the agent to run the plan.
Terraform will use whatever cloud permissions are available in the local environment or configured provider profiles.
The skill relies on already-configured cloud/provider credentials through Terraform. This is expected for Terraform planning, and the artifacts do not show direct credential logging or exfiltration.
| Cloud credentials | **Never accessed directly** | Used by Terraform's provider plugins, never read or logged by this skill |
Prefer least-privilege or read-only planning credentials where possible, especially for production accounts. Planning still needs read access to refresh existing resources, so read-only is the floor rather than zero access; running the plan with -refresh=false cuts provider calls further, at the cost of not detecting drift.
Using the skill on an untrusted Terraform project may cause Terraform to fetch dependencies selected by that project.
The skill may run terraform init when a directory is not initialized, which downloads whatever providers and modules the configuration selects. That is normal Terraform behavior, but it means the provenance of those providers and modules is decided by the project being reviewed, not by the reviewer.
Terraform Registry — for provider/module downloads during `terraform init`
Review provider and module sources and the .terraform.lock.hcl lockfile before running this on unfamiliar infrastructure code; consider running terraform init manually first, with -lockfile=readonly so that init fails instead of silently accepting provider selections not already recorded in the lockfile.
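A concrete form of that pre-init review, as an added example written for this page and not part of the skill: scan the lockfile for providers outside a trusted namespace, for providers without a pinned version or recorded hashes, and scan module blocks for sources that are not local paths or trusted registry addresses. The two allowlists are assumptions standing in for an organisation's policy, and the sample lockfile and configuration are constructed, with placeholder hash strings.

```python
"""Provenance check for provider and module sources before terraform init.

Added example for this review, not part of the skill. The allowlists are
assumptions standing in for an organisation's policy; the sample lockfile and
configuration below are constructed, with placeholder hashes.
"""
import re
from pathlib import Path
from typing import List

TRUSTED_PROVIDER_NAMESPACES = {"registry.terraform.io/hashicorp"}     # assumption
TRUSTED_MODULE_HOSTS = {"registry.terraform.io", "app.terraform.io"}   # assumption

# Lockfile and .tf blocks end with "}" at column 0, which these regexes rely on.
PROVIDER_BLOCK = re.compile(r'^provider\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
VERSION_LINE = re.compile(r'^\s*version\s*=\s*"([^"]+)"', re.M)
HASHES_LINE = re.compile(r'^\s*hashes\s*=\s*\[', re.M)
MODULE_BLOCK = re.compile(r'^module\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
SOURCE_LINE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.M)


def audit_lockfile(text: str) -> List[str]:
    """Flag providers from untrusted namespaces, and any that are unpinned or
    lack recorded hashes (init would then accept whatever the registry serves)."""
    findings = []
    for name, body in PROVIDER_BLOCK.findall(text):
        namespace = name.rsplit("/", 1)[0]
        if namespace not in TRUSTED_PROVIDER_NAMESPACES:
            findings.append(f"provider {name}: untrusted namespace")
        if not VERSION_LINE.search(body):
            findings.append(f"provider {name}: no pinned version")
        if not HASHES_LINE.search(body):
            findings.append(f"provider {name}: no hashes recorded")
    return findings


def module_source_is_trusted(src: str) -> bool:
    """Local paths and trusted registry addresses pass; git/http/s3 getters and
    other hosts (including github.com shorthand) are reported for manual review."""
    if src.startswith(("./", "../")):
        return True
    if "::" in src:                          # git::, hg::, s3::, gcs:: getters
        return False
    parts = src.split("/")
    if "." in parts[0] or ":" in parts[0]:   # an explicit host was given
        return parts[0] in TRUSTED_MODULE_HOSTS and len(parts) == 4
    return len(parts) == 3                   # public registry shorthand ns/name/provider


def audit_module_sources(tf_text: str) -> List[str]:
    findings = []
    for name, body in MODULE_BLOCK.findall(tf_text):
        for src in SOURCE_LINE.findall(body):
            if not module_source_is_trusted(src):
                findings.append(f"module {name}: non-registry source {src}")
    return findings


def audit_directory(path: str) -> List[str]:
    """Audit a Terraform directory on disk; a missing lockfile is itself a finding."""
    root = Path(path)
    lock = root / ".terraform.lock.hcl"
    if lock.exists():
        findings = audit_lockfile(lock.read_text())
    else:
        findings = ["no .terraform.lock.hcl: provider selection is unconstrained"]
    for tf in sorted(root.glob("*.tf")):
        findings += audit_module_sources(tf.read_text())
    return findings


# Constructed sample inputs (placeholder hashes, fictional namespaces).
SAMPLE_LOCKFILE = '''\
provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.40.0"
  constraints = "~> 5.0"
  hashes = [
    "h1:placeholder-hash-1",
  ]
}

provider "registry.terraform.io/example-org/mystery" {
  version = "0.1.0"
  hashes = [
    "h1:placeholder-hash-2",
  ]
}

provider "registry.terraform.io/hashicorp/random" {
  version = "3.6.0"
}
'''

SAMPLE_TF = '''\
module "vpc" {
  source  = "acme-modules/vpc/aws"
  version = "5.5.1"
}

module "internal" {
  source = "app.terraform.io/acme/network/aws"
}

module "scripts" {
  source = "git::https://example.com/someone/tf-scripts.git?ref=main"
}

module "bucket" {
  source = "./modules/bucket"
}

module "helpers" {
  source = "github.com/someone/tf-helpers"
}
'''

if __name__ == "__main__":
    for line in audit_lockfile(SAMPLE_LOCKFILE) + audit_module_sources(SAMPLE_TF):
        print(line)
```

Once the findings are understood, running terraform init -lockfile=readonly yourself turns the lockfile into a gate: init then errors rather than updating the lockfile when the configuration would select providers not already recorded there, which is the behavior you want before handing the directory to an agent-driven plan.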
It is harder to independently verify that the installed package matches the documented source and version.
The registry metadata lacks a source and homepage, and the supplied artifacts internally identify themselves as version 0.1.1 while the registry lists 0.2.1. That is a provenance/version mismatch for a skill that runs local infrastructure tooling, since there is no published source to diff the installed package against.
Source: unknown; Homepage: none; Version: 0.2.1
Verify the package contents before use, and ask the publisher to align the registry metadata, artifact versions, author naming and source links so that the installed package can be checked against a published source.
