Terraform Reviewer

Author: Anmol Nagpal · GitHub · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 373
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install terraform-reviewer
Description
Review Terraform plans and HCL files for AWS security misconfigurations before deployment
Safe usage advice
This skill appears coherent and does what it says: analyze pasted Terraform HCL or terraform plan JSON for AWS security issues. It does not ask for credentials. IMPORTANT: terraform plan and especially terraform state can contain secrets or sensitive values — do not paste API keys, passwords, private keys, or any sensitive environment variables into the chat. If you are unsure, sanitize or redact values, or share only the resource blocks necessary for review. Prefer sharing terraform show -json output that you have inspected and scrubbed, or use local tools (tfsec, checkov, terrascan) if you cannot safely redact data. If you want extra assurance, ask the reviewer to provide a small sample analysis first (no secrets) to confirm behavior before sending larger outputs.
Functional analysis
Type: OpenClaw Skill
Name: terraform-reviewer
Version: 1.0.0
The skill bundle is classified as benign. The `SKILL.md` clearly defines a security review purpose and explicitly states that the skill is 'instruction-only,' does not execute AWS CLI commands, and does not access AWS accounts directly. It includes strong defensive instructions for the AI agent, such as 'Never ask for credentials, access keys, or secret keys' and to 'confirm no credentials are included before processing' user-provided data. While `bash` is listed as a tool, there are no instructions for the agent to use it for any malicious or risky operations; the `bash` commands provided are for the user to generate input data. There is no evidence of data exfiltration, malicious execution, persistence, or harmful prompt injection attempts.
Capability assessment
Purpose & Capability
Name and description (Terraform/AWS security reviewer) align with the runtime instructions: the skill is instruction-only and asks users to paste HCL or terraform plan JSON for analysis. It does not request unrelated binaries, cloud credentials, or platform access.
Instruction Scope
SKILL.md confines the agent to analyzing user-provided HCL/plan/state output and explicitly states it will not use AWS credentials. However, terraform plan/state outputs can contain sensitive values (secrets, passwords, ARNs, resource identifiers). The skill asks the user to confirm no credentials are included before processing, which is appropriate but places the burden on the user to avoid accidental disclosure.
Install Mechanism
No install spec and no code files — instruction-only skills have the smallest disk/execution footprint. Nothing is downloaded or installed by the skill.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. This is proportionate to a static-analysis reviewer that operates on user-supplied text. Note: the skill suggests commands to generate plan/state which may require read-only AWS permissions, but it does not request those credentials directly.
Persistence & Privilege
always:false (default) and no request to modify agent/system configuration. The skill does not request persistent elevated privileges or modify other skills' settings.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install terraform-reviewer
  3. Once installed, invoke the Skill by name or trigger it with /terraform-reviewer
  4. Provide the required input as described in the Skill's parameter documentation to get structured output
Version history
v1.0.0
aws-terraform-security-reviewer v1.0.0
- Initial release for comprehensive AWS Terraform/IaC security misconfiguration review.
- Analyzes pasted Terraform HCL, JSON terraform plan output, or deployed resource config.
- No cloud credentials required; user provides only exported data.
- Focuses on critical resources (S3, IAM, EC2, RDS, Lambda, KMS, CloudTrail, EKS) with CIS AWS Foundations Benchmark v2.0 mapping.
- Produces actionable findings: critical/high, table format with CIS mapping, and corrected HCL snippets.
- Includes a ready-to-paste GitHub PR review comment.
- Strictly read-only, never requests or processes sensitive credentials.
Metadata
Slug terraform-reviewer
Version 1.0.0
License
Total installs 0
Current installs 0
Number of versions 1
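FAQ

What is Terraform Reviewer?

Review Terraform plans and HCL files for AWS security misconfigurations before deployment. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 373 total downloads to date.

How do I install Terraform Reviewer?

Run the command "/install terraform-reviewer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Terraform Reviewer free?

Yes, Terraform Reviewer is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Terraform Reviewer support?

Terraform Reviewer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Terraform Reviewer?

It is developed and maintained by Anmol Nagpal (@anmolnagpal); the current version is v1.0.0.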