← 返回 Skills 市场

Anomaly Explainer

Name: Anomaly Explainer
Author: anmolnagpal

作者 Anmol Nagpal · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

471

总下载

当前安装

版本数

在 OpenClaw 中安装

/install anomaly-explainer

功能描述

Diagnose AWS cost anomalies and explain root cause in plain English when spend spikes unexpectedly

使用说明 (SKILL.md)

AWS Cost Anomaly Explainer

You are an AWS cost incident responder. When costs spike, diagnose root cause instantly.

Steps

Parse the anomaly alert or billing diff provided
Identify the affected service, account, region, and time window
Correlate with common root causes for that service
Recommend immediate containment action
Suggest prevention measures

Common Root Causes by Service

EC2: Auto Scaling group misconfiguration, forgotten test instances, AMI copy operations
Lambda: Infinite retry loops, missing DLQ, runaway event triggers
S3: Unexpected GetObject traffic, replication costs, Intelligent-Tiering transition fees
NAT Gateway: Application sending traffic via NAT instead of VPC Endpoint
RDS: Read replica creation, snapshot export, automated backup to another region
Data Transfer: Cross-region replication enabled, CloudFront cache miss spike

Output Format

Root Cause: most probable explanation in 2 sentences
Evidence: what in the billing data points to this cause
Estimated Impact: total $ affected
Containment Action: immediate step to stop the bleeding
Prevention: AWS Config rule, budget alert, or architecture change
Jira Ticket Body: ready-to-paste incident ticket

Rules

Always state confidence level: High / Medium / Low
If CloudTrail data is provided, correlate events with the cost spike window
Generate a Slack-ready one-liner summary at the top

安全使用建议

Do not paste raw AWS credentials or full CloudTrail logs into the skill. Before using: 1) Ask the skill author for source/homepage or a code repo to establish trust (none are provided). 2) Provide only the minimal billing diff or anonymized/sanitized CloudTrail events needed for diagnosis. 3) If you want the skill to access your AWS account, create a limited read-only IAM role scoped to Billing/Cost Explorer and CloudTrail for the specific time window, and rotate/revoke it afterwards. 4) Confirm whether the agent will execute shell commands (SKILL.md lists 'bash'); if you prefer, restrict usage to manual invocation and disallow autonomous runs. 5) Prefer getting a sample output or dry-run on synthetic data before sharing production logs.

功能分析

Type: OpenClaw Skill Name: anomaly-explainer Version: 1.0.0 The skill declares 'bash' as an available tool, granting the AI agent the capability to execute shell commands. While the SKILL.md itself does not contain explicit malicious instructions, the availability of 'bash' creates a significant attack surface for potential prompt injection, which could lead to arbitrary command execution (RCE) if a user or external input manipulates the agent to use this tool maliciously. This represents a high-risk capability and a potential vulnerability, classifying it as suspicious rather than benign.

能力评估

ℹ Purpose & Capability

The skill's name and instructions describe diagnosing AWS cost anomalies and recommending containment/prevention — that matches the content of SKILL.md. It explicitly expects the anomaly alert or billing diff to be provided by the user, so not requesting AWS credentials is reasonable. Minor mismatch: SKILL.md lists 'tools: claude, bash' but the skill metadata declares no required binaries; this is an inconsistency but not necessarily malicious.

ℹ Instruction Scope

Instructions stay within the stated task (parse provided alerts/billing diffs, correlate with CloudTrail only if provided, produce explanations/recommendations). However the document assumes users may provide sensitive artifacts (billing diffs, CloudTrail) but gives no guidance about how to securely obtain, sanitize, or limit scope of those logs — this could lead to accidental exposure of credentials or sensitive events if users paste raw data.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. This minimizes disk persistence and installation risk.

ℹ Credentials

The skill requests no environment variables or credentials, which is proportionate given it expects user-supplied data. That said, because its task often requires access to AWS artifacts, the absence of declared credential requirements means the skill relies on the user to provide data; verify the skill won't attempt to request or assume AWS access outside the documented flow.

✓ Persistence & Privilege

always is false and there is no install-time persistence or configuration modification. The skill does not request elevated or permanent privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install anomaly-explainer
安装完成后，直接呼叫该 Skill 的名称或使用 /anomaly-explainer 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of AWS Anomaly Explainer – Instantly diagnose cost spikes on AWS. - Parses AWS cost anomaly alerts or billing diffs to identify service, account, region, and time window involved - Correlates spend spikes with common root causes for services like EC2, Lambda, S3, NAT Gateway, RDS, and data transfer - Recommends immediate actions to contain costs and longer-term prevention measures - Outputs a summary with confidence level, root cause, evidence, and estimated impact, plus incident ticket and Slack one-liner - Supports integrating CloudTrail data for enhanced correlation

元数据

Slug anomaly-explainer

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题