SageMaker Training Job
v1.0.2Submit ML training jobs to AWS SageMaker — package code, upload to S3, launch on GPU/CPU instances, poll status, download artifacts. Use when training machin...
⭐ 1· 36·0 current·0 all-time
by@zyyhhxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description align with included scripts and docs: packaging/uploading source, submitting SageMaker jobs, polling status, downloading artifacts, listing jobs, and cost estimation. The included Python scripts implement the advertised functionality and the reference docs describe required IAM roles and S3 setup.
Instruction Scope
SKILL.md and references limit actions to packaging source, calling AWS (boto3) APIs, and running local smoke tests. The instructions require AWS credentials (via standard boto3 chain) and reference only expected paths and endpoints (S3, SageMaker, CloudWatch). There are no instructions to read unrelated system files or exfiltrate data to unexpected endpoints. The smoke test and packaging steps do create temporary files and upload to S3 as expected.
Install Mechanism
No install spec (instruction-only) — scripts rely on python3 and Python packages (boto3, optional sagemaker). Nothing is downloaded from arbitrary URLs or extracted; the skill ships its Python scripts and docs. This is a low-risk install pattern for this kind of tool.
Credentials
Primary credential declared is AWS_DEFAULT_REGION (region), and the skill relies on boto3's normal credential chain (instance profile, AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, or configured profile). The SKILL.md and references clearly explain the need for AWS credentials and specific IAM roles. It would be clearer if required.env explicitly listed the possible credential env vars, but the current setup (using the standard boto3 chain and recommending instance profiles) is proportionate to the skill's purpose.
Persistence & Privilege
The skill is not always-enabled and allows user invocation. It does not request system-wide privileges or modify other skills. It performs normal actions (create S3 objects, call SageMaker APIs) with the provided AWS permissions; these are expected for the stated purpose.
Assessment
This skill appears to do exactly what it claims. Before installing or running it: 1) Be prepared to provide AWS credentials (prefer an EC2 instance profile or a scoped IAM user) and create two IAM roles with the least privilege needed for S3 and SageMaker as described; 2) Review the source packaging/dry-run output to avoid unintentionally uploading secrets (don’t point --source-dir at your home directory); 3) Run the smoke test in a controlled account/bucket to verify behavior and cost (it will submit a real SageMaker job and incur charges); 4) Ensure the Caller role is tightly scoped to your S3 bucket and the PassRole action is limited to the specific SageMaker execution role ARN. If you want stricter metadata, ask the maintainer to declare AWS credential env vars explicitly in requires.env so the platform makes credential needs clearer.Like a lobster shell, security has layers — review code before you run it.
latestvk97dhtj2h9dd1dkh4dzc4nj6xn848hwt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3
Primary envAWS_DEFAULT_REGION