by 安全扫描
OpenClaw
可疑
medium confidenceThe instructions are broadly consistent with an analyst that expects the user to supply billing or CloudTrail data, but provenance is unknown and small inconsistencies (e.g., 'tools: bash' with no declared binaries, no guidance for safe access to CloudTrail/AWS) mean you should be cautious before handing over sensitive logs or credentials.
评估建议
Do not paste raw AWS credentials or full CloudTrail logs into the skill. Before using: 1) Ask the skill author for source/homepage or a code repo to establish trust (none are provided). 2) Provide only the minimal billing diff or anonymized/sanitized CloudTrail events needed for diagnosis. 3) If you want the skill to access your AWS account, create a limited read-only IAM role scoped to Billing/Cost Explorer and CloudTrail for the specific time window, and rotate/revoke it afterwards. 4) Confirm...详细分析 ▾
ℹ 用途与能力
The skill's name and instructions describe diagnosing AWS cost anomalies and recommending containment/prevention — that matches the content of SKILL.md. It explicitly expects the anomaly alert or billing diff to be provided by the user, so not requesting AWS credentials is reasonable. Minor mismatch: SKILL.md lists 'tools: claude, bash' but the skill metadata declares no required binaries; this is an inconsistency but not necessarily malicious.
ℹ 指令范围
Instructions stay within the stated task (parse provided alerts/billing diffs, correlate with CloudTrail only if provided, produce explanations/recommendations). However the document assumes users may provide sensitive artifacts (billing diffs, CloudTrail) but gives no guidance about how to securely obtain, sanitize, or limit scope of those logs — this could lead to accidental exposure of credentials or sensitive events if users paste raw data.
✓ 安装机制
Instruction-only skill with no install spec and no code files. This minimizes disk persistence and installation risk.
ℹ 凭证需求
The skill requests no environment variables or credentials, which is proportionate given it expects user-supplied data. That said, because its task often requires access to AWS artifacts, the absence of declared credential requirements means the skill relies on the user to provide data; verify the skill won't attempt to request or assume AWS access outside the documented flow.
✓ 持久化与权限
always is false and there is no install-time persistence or configuration modification. The skill does not request elevated or permanent privileges.
安装前注意事项
- Ask the skill author for source/homepage or a code repo to establish trust (none are provided).
- Provide only the minimal billing diff or anonymized/sanitized CloudTrail events needed for diagnosis.
- If you want the skill to access your AWS account, create a limited read-only IAM role scoped to Billing/Cost Explorer and CloudTrail for the specific time window, and rotate/revoke it afterwards.
- Confirm whether the agent will execute shell commands (SKILL.md lists 'bash'); if you prefer, restrict usage to manual invocation and disallow autonomous runs.
- Prefer getting a sample output or dry-run on synthetic data before sharing production logs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/1
Initial release of AWS Anomaly Explainer – Instantly diagnose cost spikes on AWS. - Parses AWS cost anomaly alerts or billing diffs to identify service, account, region, and time window involved - Correlates spend spikes with common root causes for services like EC2, Lambda, S3, NAT Gateway, RDS, and data transfer - Recommends immediate actions to contain costs and longer-term prevention measures - Outputs a summary with confidence level, root cause, evidence, and estimated impact, plus incident ticket and Slack one-liner - Supports integrating CloudTrail data for enhanced correlation
● 可疑
安装命令 点击复制
官方npx clawhub@latest install anomaly-explainer
镜像加速npx clawhub@latest install anomaly-explainer --registry https://cn.clawhub-mirror.com
技能文档
You are an AWS cost incident responder. When costs spike, diagnose root cause instantly.
Steps
- Parse the anomaly alert or billing diff provided
- Identify the affected service, account, region, and time window
- Correlate with common root causes for that service
- Recommend immediate containment action
- Suggest prevention measures
Common Root Causes by Service
- EC2: Auto Scaling group misconfiguration, forgotten test instances, AMI copy operations
- Lambda: Infinite retry loops, missing DLQ, runaway event triggers
- S3: Unexpected GetObject traffic, replication costs, Intelligent-Tiering transition fees
- NAT Gateway: Application sending traffic via NAT instead of VPC Endpoint
- RDS: Read replica creation, snapshot export, automated backup to another region
- Data Transfer: Cross-region replication enabled, CloudFront cache miss spike
Output Format
- Root Cause: most probable explanation in 2 sentences
- Evidence: what in the billing data points to this cause
- Estimated Impact: total $ affected
- Containment Action: immediate step to stop the bleeding
- Prevention: AWS Config rule, budget alert, or architecture change
- Jira Ticket Body: ready-to-paste incident ticket
Rules
- Always state confidence level: High / Medium / Low
- If CloudTrail data is provided, correlate events with the cost spike window
- Generate a Slack-ready one-liner summary at the top
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制