← Back to Skills Marketplace

Spend Analyzer

Name: Spend Analyzer
Author: anmolnagpal

by Anmol Nagpal · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

448

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install spend-analyzer

Description

Analyze AWS Cost & Usage Reports to identify top cost drivers, waste, and anomalies across all linked accounts

Usage Guidance

This skill appears to do what it says: analyze exported AWS billing data. Before using it, consider the following: (1) The skill is from an unknown source with no homepage—only proceed if you trust the environment or author. (2) Do not paste AWS credentials, access keys, or secrets; follow the skill's instruction to confirm pasted data contains no credentials. Billing exports can still include sensitive metadata (account IDs, resource ARNs, tags); sanitize or redact anything you don't want shared. (3) The header lists a 'bash' tool while the instructions claim not to execute CLI commands—ask the skill owner or runtime whether the assistant will run commands on your behalf; prefer running aws CLI locally and then pasting sanitized output rather than granting remote execution. (4) If you need stronger assurance, request provenance (who authored/published the skill) or a checksum/signature for the SKILL.md. Providing those will raise confidence in the skill.

Capability Analysis

Type: OpenClaw Skill Name: spend-analyzer Version: 1.0.0 The skill declares `tools: bash` in `SKILL.md`, granting the AI agent shell execution capabilities. This directly contradicts the explicit instruction within the same file: 'This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly.' While the skill itself does not instruct malicious actions, this contradiction creates a significant prompt injection vulnerability, as a malicious user could potentially bypass the 'instruction-only' directive and coerce the agent into executing arbitrary shell commands, including the AWS CLI examples provided for the user. This represents a risky capability without clear malicious intent from the skill author, but a critical vulnerability.

Capability Assessment

✓ Purpose & Capability

Name, description, example AWS CLI commands, and the minimal IAM policy align with an AWS Cost & Usage Report (CUR) analysis workflow. Asking for exported CSV/JSON or Cost Explorer output is appropriate for the stated goal.

ℹ Instruction Scope

The SKILL.md explicitly states it will not execute AWS CLI commands and asks the user to provide exports or CLI output, which keeps the scope to data analysis. However the header lists 'tools: ... bash' while the doc says it won't run CLI commands—this is an inconsistency that could affect whether the agent might execute commands in some runtime environments. The instructions also rightly tell the agent to confirm there are no credentials in pasted data.

✓ Install Mechanism

Instruction-only skill with no install spec or code files — lowest-risk install footprint. Nothing is being downloaded or installed by the skill.

✓ Credentials

The skill requests no environment variables, keys, or config paths. It asks users to supply exported billing data or CLI output (which reasonably includes account IDs and resource identifiers). No unexplained credential requests are present and a sample least-privilege IAM policy is provided for users who choose to run the commands themselves.

✓ Persistence & Privilege

always:false and no install; the skill does not request permanent presence or elevated platform privileges. Autonomous invocation is allowed by default but not combined here with broad credential requests.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install spend-analyzer
After installation, invoke the skill by name or use /spend-analyzer
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

aws-spend-analyzer 1.0.0 — Initial Release - Launches expert-level AWS billing analysis based on user-provided Cost & Usage Reports or summarized spend data. - Supports deep investigation of cost drivers, waste, anomalies, and savings opportunities across all linked accounts. - Strictly instruction-only: does not connect to AWS or require credentials; operates solely on exported data. - Output includes an executive summary, top cost drivers table, anomaly flags, and ranked savings actions. - Enforces best practices for tagging, data granularity, and sensitive data handling.

Metadata

Slug spend-analyzer

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Spend Analyzer?

Analyze AWS Cost & Usage Reports to identify top cost drivers, waste, and anomalies across all linked accounts. It is an AI Agent Skill for Claude Code / OpenClaw, with 448 downloads so far.

How do I install Spend Analyzer?

Run "/install spend-analyzer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Spend Analyzer free?

Yes, Spend Analyzer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Spend Analyzer support?

Spend Analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Spend Analyzer?

It is built and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.

More Skills