← 返回 Skills 市场
anmolnagpal

Spend Analyzer

作者 Anmol Nagpal · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
448
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install spend-analyzer
功能描述
Analyze AWS Cost & Usage Reports to identify top cost drivers, waste, and anomalies across all linked accounts
安全使用建议
This skill appears to do what it says: analyze exported AWS billing data. Before using it, consider the following: (1) The skill is from an unknown source with no homepage—only proceed if you trust the environment or author. (2) Do not paste AWS credentials, access keys, or secrets; follow the skill's instruction to confirm pasted data contains no credentials. Billing exports can still include sensitive metadata (account IDs, resource ARNs, tags); sanitize or redact anything you don't want shared. (3) The header lists a 'bash' tool while the instructions claim not to execute CLI commands—ask the skill owner or runtime whether the assistant will run commands on your behalf; prefer running aws CLI locally and then pasting sanitized output rather than granting remote execution. (4) If you need stronger assurance, request provenance (who authored/published the skill) or a checksum/signature for the SKILL.md. Providing those will raise confidence in the skill.
功能分析
Type: OpenClaw Skill Name: spend-analyzer Version: 1.0.0 The skill declares `tools: bash` in `SKILL.md`, granting the AI agent shell execution capabilities. This directly contradicts the explicit instruction within the same file: 'This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly.' While the skill itself does not instruct malicious actions, this contradiction creates a significant prompt injection vulnerability, as a malicious user could potentially bypass the 'instruction-only' directive and coerce the agent into executing arbitrary shell commands, including the AWS CLI examples provided for the user. This represents a risky capability without clear malicious intent from the skill author, but a critical vulnerability.
能力评估
Purpose & Capability
Name, description, example AWS CLI commands, and the minimal IAM policy align with an AWS Cost & Usage Report (CUR) analysis workflow. Asking for exported CSV/JSON or Cost Explorer output is appropriate for the stated goal.
Instruction Scope
The SKILL.md explicitly states it will not execute AWS CLI commands and asks the user to provide exports or CLI output, which keeps the scope to data analysis. However the header lists 'tools: ... bash' while the doc says it won't run CLI commands—this is an inconsistency that could affect whether the agent might execute commands in some runtime environments. The instructions also rightly tell the agent to confirm there are no credentials in pasted data.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest-risk install footprint. Nothing is being downloaded or installed by the skill.
Credentials
The skill requests no environment variables, keys, or config paths. It asks users to supply exported billing data or CLI output (which reasonably includes account IDs and resource identifiers). No unexplained credential requests are present and a sample least-privilege IAM policy is provided for users who choose to run the commands themselves.
Persistence & Privilege
always:false and no install; the skill does not request permanent presence or elevated platform privileges. Autonomous invocation is allowed by default but not combined here with broad credential requests.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install spend-analyzer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /spend-analyzer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
aws-spend-analyzer 1.0.0 — Initial Release - Launches expert-level AWS billing analysis based on user-provided Cost & Usage Reports or summarized spend data. - Supports deep investigation of cost drivers, waste, anomalies, and savings opportunities across all linked accounts. - Strictly instruction-only: does not connect to AWS or require credentials; operates solely on exported data. - Output includes an executive summary, top cost drivers table, anomaly flags, and ranked savings actions. - Enforces best practices for tagging, data granularity, and sensitive data handling.
元数据
Slug spend-analyzer
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Spend Analyzer 是什么?

Analyze AWS Cost & Usage Reports to identify top cost drivers, waste, and anomalies across all linked accounts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 448 次。

如何安装 Spend Analyzer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install spend-analyzer」即可一键安装,无需额外配置。

Spend Analyzer 是免费的吗?

是的,Spend Analyzer 完全免费(开源免费),可自由下载、安装和使用。

Spend Analyzer 支持哪些平台?

Spend Analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Spend Analyzer?

由 Anmol Nagpal(@anmolnagpal)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论