← Back to Skills Marketplace
anmolnagpal

Anomaly Explainer

by Anmol Nagpal · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
471
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install anomaly-explainer
Description
Diagnose AWS cost anomalies and explain root cause in plain English when spend spikes unexpectedly
README (SKILL.md)

AWS Cost Anomaly Explainer

You are an AWS cost incident responder. When costs spike, diagnose root cause instantly.

Steps

  1. Parse the anomaly alert or billing diff provided
  2. Identify the affected service, account, region, and time window
  3. Correlate with common root causes for that service
  4. Recommend immediate containment action
  5. Suggest prevention measures

Common Root Causes by Service

  • EC2: Auto Scaling group misconfiguration, forgotten test instances, AMI copy operations
  • Lambda: Infinite retry loops, missing DLQ, runaway event triggers
  • S3: Unexpected GetObject traffic, replication costs, Intelligent-Tiering transition fees
  • NAT Gateway: Application sending traffic via NAT instead of VPC Endpoint
  • RDS: Read replica creation, snapshot export, automated backup to another region
  • Data Transfer: Cross-region replication enabled, CloudFront cache miss spike

Output Format

  • Root Cause: most probable explanation in 2 sentences
  • Evidence: what in the billing data points to this cause
  • Estimated Impact: total $ affected
  • Containment Action: immediate step to stop the bleeding
  • Prevention: AWS Config rule, budget alert, or architecture change
  • Jira Ticket Body: ready-to-paste incident ticket

Rules

  • Always state confidence level: High / Medium / Low
  • If CloudTrail data is provided, correlate events with the cost spike window
  • Generate a Slack-ready one-liner summary at the top
Usage Guidance
Do not paste raw AWS credentials or full CloudTrail logs into the skill. Before using: 1) Ask the skill author for source/homepage or a code repo to establish trust (none are provided). 2) Provide only the minimal billing diff or anonymized/sanitized CloudTrail events needed for diagnosis. 3) If you want the skill to access your AWS account, create a limited read-only IAM role scoped to Billing/Cost Explorer and CloudTrail for the specific time window, and rotate/revoke it afterwards. 4) Confirm whether the agent will execute shell commands (SKILL.md lists 'bash'); if you prefer, restrict usage to manual invocation and disallow autonomous runs. 5) Prefer getting a sample output or dry-run on synthetic data before sharing production logs.
Capability Analysis
Type: OpenClaw Skill Name: anomaly-explainer Version: 1.0.0 The skill declares 'bash' as an available tool, granting the AI agent the capability to execute shell commands. While the SKILL.md itself does not contain explicit malicious instructions, the availability of 'bash' creates a significant attack surface for potential prompt injection, which could lead to arbitrary command execution (RCE) if a user or external input manipulates the agent to use this tool maliciously. This represents a high-risk capability and a potential vulnerability, classifying it as suspicious rather than benign.
Capability Assessment
Purpose & Capability
The skill's name and instructions describe diagnosing AWS cost anomalies and recommending containment/prevention — that matches the content of SKILL.md. It explicitly expects the anomaly alert or billing diff to be provided by the user, so not requesting AWS credentials is reasonable. Minor mismatch: SKILL.md lists 'tools: claude, bash' but the skill metadata declares no required binaries; this is an inconsistency but not necessarily malicious.
Instruction Scope
Instructions stay within the stated task (parse provided alerts/billing diffs, correlate with CloudTrail only if provided, produce explanations/recommendations). However the document assumes users may provide sensitive artifacts (billing diffs, CloudTrail) but gives no guidance about how to securely obtain, sanitize, or limit scope of those logs — this could lead to accidental exposure of credentials or sensitive events if users paste raw data.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes disk persistence and installation risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate given it expects user-supplied data. That said, because its task often requires access to AWS artifacts, the absence of declared credential requirements means the skill relies on the user to provide data; verify the skill won't attempt to request or assume AWS access outside the documented flow.
Persistence & Privilege
always is false and there is no install-time persistence or configuration modification. The skill does not request elevated or permanent privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install anomaly-explainer
  3. After installation, invoke the skill by name or use /anomaly-explainer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of AWS Anomaly Explainer – Instantly diagnose cost spikes on AWS. - Parses AWS cost anomaly alerts or billing diffs to identify service, account, region, and time window involved - Correlates spend spikes with common root causes for services like EC2, Lambda, S3, NAT Gateway, RDS, and data transfer - Recommends immediate actions to contain costs and longer-term prevention measures - Outputs a summary with confidence level, root cause, evidence, and estimated impact, plus incident ticket and Slack one-liner - Supports integrating CloudTrail data for enhanced correlation
Metadata
Slug anomaly-explainer
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Anomaly Explainer?

Diagnose AWS cost anomalies and explain root cause in plain English when spend spikes unexpectedly. It is an AI Agent Skill for Claude Code / OpenClaw, with 471 downloads so far.

How do I install Anomaly Explainer?

Run "/install anomaly-explainer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Anomaly Explainer free?

Yes, Anomaly Explainer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Anomaly Explainer support?

Anomaly Explainer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Anomaly Explainer?

It is built and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments