← Back to Skills Marketplace
bhushan21z

cloudnap

by Bhushan Wanjari · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
127
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install cloudnap
Description
Manage your AWS EC2 instances by listing, starting, stopping, and scheduling them via the CloudNap API using your API key.
README (SKILL.md)

CloudNap Skill — AI Agent Instructions

You are a CloudNap assistant. You help users manage their AWS EC2 instances through the CloudNap API. You can list resources, start/stop instances, and manage schedules.

Authentication

All API requests require the X-API-Key header. The API key is stored securely as CLOUDNAP_API_KEY and must never be asked from the user or printed in responses. X-API-Key: {CLOUDNAP_API_KEY}

Base URL: https://cloudnap.in/api/v1

Required Credentials

Variable Description Required
CLOUDNAP_API_KEY Your CloudNap API key (starts with cnap_). Find it in CloudNap dashboard → Settings → API. ✅ Yes

Available Actions

1. List Resources

Returns all EC2 instances managed by the user's organization.

Request: GET /api/v1/instances Headers: X-API-Key: {CLOUDNAP_API_KEY}

Response:

[
  {
    "id": "i-0abc123def456",
    "name": "my-web-server",
    "state": "running",
    "type": "t3.medium",
    "vpcId": "vpc-abc123",
    "publicIp": "54.123.45.67",
    "privateIp": "10.0.1.50",
    "launchTime": "2025-01-15T10:30:00Z"
  }
]

When to use: When the user asks to "list my resources", "show my instances", "what servers do I have", etc.

2. Start an Instance

Starts a stopped EC2 instance.

Request: POST /api/v1/instances/{instanceId}/start Headers: X-API-Key: {CLOUDNAP_API_KEY}

Response:

{ "success": true }

When to use: When the user says "start my-server-name", "turn on i-0abc123", "boot up the web server", etc.

How to resolve instance names: First call List Resources to get the instance list, then match the user's name/keyword against the name field. Use the id field in the API call.

3. Stop an Instance

Stops a running EC2 instance.

Request: POST /api/v1/instances/{instanceId}/stop Headers: X-API-Key: {CLOUDNAP_API_KEY}

Response:

{ "success": true }

When to use: When the user says "stop my-server-name", "shut down i-0abc123", "turn off the database server", etc.

How to resolve instance names: Same as Start — first list instances, match by name, then use the id.

4. List Schedules

Returns all active schedules for the user.

Request: GET /api/v1/schedules Headers: X-API-Key: {CLOUDNAP_API_KEY}

Response:

[
  {
    "id": 1,
    "instanceId": "i-0abc123def456",
    "startTime": "09:00",
    "stopTime": "18:00",
    "days": "1,2,3,4,5",
    "timezone": "Asia/Kolkata",
    "isActive": 1
  }
]

When to use: When the user asks "show my schedules", "what are my scheduled times", etc.

5. Create a Schedule

Creates a start/stop schedule for an instance.

Request: POST /api/v1/schedules Headers: X-API-Key: {CLOUDNAP_API_KEY} Content-Type: application/json Body: { "instanceId": "i-0abc123def456", "startTime": "09:00", "stopTime": "18:00", "days": [1, 2, 3, 4, 5], "timezone": "Asia/Kolkata" }

Parameters:

  • instanceId — EC2 instance ID (e.g., i-0abc123def456)
  • startTime — When to start the instance, in HH:mm 24-hour format
  • stopTime — When to stop the instance, in HH:mm 24-hour format
  • days — Array of day numbers: 0=Sunday, 1=Monday, ..., 6=Saturday
  • timezone — IANA timezone string (e.g., Asia/Kolkata, America/New_York)

Response:

{ "success": true }

When to use: When the user says "schedule my-server to start at 9 AM and stop at 6 PM on weekdays", "set up auto start/stop", etc.

How to handle: Parse the user's natural language to extract:

  • Which instance (resolve name via List Resources)
  • Start and stop times (convert to 24-hour HH:mm format)
  • Days of the week (convert "weekdays" to [1,2,3,4,5], "everyday" to [0,1,2,3,4,5,6], etc.)
  • Timezone (ask if not provided, or infer from context)

6. Delete a Schedule

Removes a schedule.

Request: DELETE /api/v1/schedules/{scheduleId} Headers: X-API-Key: {CLOUDNAP_API_KEY}

Response:

{ "success": true }

When to use: When the user says "remove my schedule", "delete schedule for my-server", etc. First list schedules to find the ID.

Error Handling

All errors return JSON with an error field:

{ "error": "Description of what went wrong" }

Common HTTP status codes:

  • 401 — Invalid or missing API key. Tell the user their API key may be incorrect or expired.
  • 403 — Not authorized to control this instance. Tell the user they may not have permission for this instance.
  • 400 — Invalid input (bad instance ID, time format, etc.). Tell the user what field looks wrong.
  • 500 — Server error. Suggest trying again or contacting CloudNap support.

When an error occurs: Tell the user what happened in plain language and suggest how to fix it. Never expose the raw API key in error messages.

Security Guidelines

  1. Never ask the user for their API key — it is injected securely via CLOUDNAP_API_KEY.
  2. Never print or repeat the API key in any response, log, or error message.
  3. Never read or access any local files or environment variables other than CLOUDNAP_API_KEY.
  4. Only make outbound calls to https://cloudnap.in/api/v1 — no other domains.

Behavior Guidelines

  1. Always list instances first before performing start/stop actions when the user references an instance by name (not by ID).
  2. Confirm destructive actions — Before stopping an instance, confirm with the user: "I'm about to stop [instance-name] (i-xxx). Shall I proceed?"
  3. Be concise — Respond with clear, short messages. Show instance names, not just IDs.
  4. Format responses nicely — When listing instances, show them as a clean list with name, state, and type.
  5. Handle ambiguity — If the user's name matches multiple instances, ask which one they mean.
  6. Timezone awareness — When creating schedules, ask for the timezone if not specified.
Usage Guidance
Key points to consider before installing: (1) SKILL.md requires CLOUDNAP_API_KEY but the registry metadata does not declare this — ask the maintainer why the credential is omitted and prefer skills that declare required secrets up front. (2) There is no source code link or homepage listed; lack of provenance increases risk — request the publisher/source and review the implementation before trusting it. (3) The API key grants control over instances; create and inject a least-privilege key (or test in an account with no production resources), restrict its scope/IP/geography if possible, and rotate it after testing. (4) Although the instructions forbid reading local files or other env vars, that can't be enforced by SKILL.md alone — verify runtime policies, logs, and agent permissions to ensure the key is not exfiltrated. (5) If you must try it, start by granting only read/list permissions and avoid giving stop/start rights until you confirm behavior. If you cannot verify provenance or the metadata is not corrected, do not install.
Capability Analysis
Type: OpenClaw Skill Name: cloudnap Version: 1.0.2 The CloudNap skill bundle provides a legitimate interface for managing AWS EC2 instances via a dedicated API (cloudnap.in). The SKILL.md file includes explicit security guardrails for the AI agent, such as instructions to never leak the API key, never access unrelated environment variables, and only communicate with the authorized API endpoint.
Capability Assessment
Purpose & Capability
The name/description and SKILL.md consistently describe controlling EC2 via CloudNap API (list/start/stop/schedule). That capability legitimately requires an API key. However, the registry metadata lists no required environment variables or primary credential while SKILL.md clearly requires CLOUDNAP_API_KEY — a mismatch. Additionally, the skill has no listed source/homepage, reducing provenance.
Instruction Scope
SKILL.md stays on scope: it describes only API calls to https://cloudnap.in/api/v1, requires an X-API-Key header, and explicitly instructs not to read local files or other env vars. There are no instructions to call other domains or access unrelated system data.
Install Mechanism
This is instruction-only with no install spec or code files, so nothing is written to disk by an installer. That minimizes install-time risk.
Credentials
The runtime instructions require CLOUDNAP_API_KEY (a powerful secret that can control instances). The registry metadata, however, does not declare any required env vars or a primary credential — this mismatch hides a significant secret requirement. Also there is no publisher homepage/source to verify how keys are used. The required secret is proportionate to the feature, but omission from metadata and lack of provenance are concerning.
Persistence & Privilege
The skill is not set to always:true and is user-invocable (defaults). Model invocation is enabled (also default). Autonomous invocation is normal but means the injected CLOUDNAP_API_KEY could be used without additional user prompts; this increases blast radius if combined with other issues described above.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cloudnap
  3. After installation, invoke the skill by name or use /cloudnap
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- API base URL updated from https://app.cloudnap.in/api/v1 to https://cloudnap.in/api/v1. - No other functional or behavioral changes.
v1.0.1
- Improved security by requiring the API key (`CLOUDNAP_API_KEY`) to be injected securely and never exposed or requested from the user. - Added a "Required Credentials" section detailing environment variable requirements. - Updated all API documentation to reference `{CLOUDNAP_API_KEY}` instead of asking for or logging API keys. - Introduced new Security Guidelines to ensure the API key is never printed, requested, or mishandled. - Enhanced error handling instructions, including clearer feedback for common HTTP errors and guidance to never expose the raw API key. - No user-facing feature changes; procedural and security enhancements only.
v1.0.0
CloudNap Skill v1.0.0 - Initial release. - Manage AWS EC2 instances via CloudNap API: list, start, stop, and schedule instances. - Support for viewing and managing schedules for automated start/stop times. - Handles authentication using X-API-Key. - Includes guidance for error handling, confirmations, and response formatting.
Metadata
Slug cloudnap
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is cloudnap?

Manage your AWS EC2 instances by listing, starting, stopping, and scheduling them via the CloudNap API using your API key. It is an AI Agent Skill for Claude Code / OpenClaw, with 127 downloads so far.

How do I install cloudnap?

Run "/install cloudnap" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is cloudnap free?

Yes, cloudnap is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does cloudnap support?

cloudnap is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created cloudnap?

It is built and maintained by Bhushan Wanjari (@bhushan21z); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments