Official Verified developer tools Safety 5/5

aws-terraform-security-reviewer

Review Terraform plans and HCL files for AWS security misconfigurations before deployment


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/anmolnagpal/terraform-reviewer

What This Skill Does

The aws-terraform-security-reviewer is a specialized security analysis tool designed for DevOps and Cloud Engineers. It acts as an automated security architect, scanning your Terraform HCL files and JSON-formatted terraform plan outputs to identify potential AWS misconfigurations before they are deployed to your infrastructure. By leveraging this skill, teams can shift security left, reducing the risk of data leaks, unauthorized access, and compliance violations associated with infrastructure-as-code (IaC).

Installation

You can install this skill directly via the OpenClaw command-line interface. Run the following command in your terminal:

clawhub install openclaw/skills/skills/anmolnagpal/terraform-reviewer

Use Cases

This skill is ideal for:

  1. Pre-deployment Security Gates: Integrate into your CI/CD pipeline to block or flag risky Terraform changes before they reach production.
  2. Compliance Audits: Map your infrastructure configuration directly against CIS AWS Foundations Benchmark v2.0 controls.
  3. Peer Review Assistance: Generate structured, GitHub-ready review comments for your team members to streamline code reviews and enforce best practices.

Example Prompts

  1. "Here is my tfplan.json file. Please analyze it for any S3 buckets that are publicly accessible or missing server-side encryption."
  2. "I am defining a new EKS cluster. Can you check my HCL code for any insecure API endpoint settings and verify if my security group rules are too broad?"
  3. "Review this resource block for an EC2 instance. Ensure that IMDSv2 is enforced and that it isn't assigned a public IP address."
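The checks named in the third prompt can also be run locally against plan JSON before anything is pasted into a prompt. The following is an added example, not code from the skill or its author; it assumes the standard `terraform show -json` plan layout (`resource_changes[].change.after` and `after_unknown`), and the sample plan and the `review_instances` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"],
     "after": {"associate_public_ip_address": true,
               "metadata_options": [{"http_tokens": "optional"}]},
     "after_unknown": {}}},
  {"address": "aws_instance.batch", "type": "aws_instance",
   "change": {"actions": ["create"],
     "after": {"metadata_options": [{"http_tokens": "required"}]},
     "after_unknown": {"associate_public_ip_address": true}}},
  {"address": "aws_instance.old", "type": "aws_instance",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")


def review_instances(plan):
    """Return (address, finding) pairs for aws_instance resources in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # Skip other resource types and pure deletions (after is null).
        if rc.get("type") != "aws_instance" or after is None:
            continue
        unknown = change.get("after_unknown") or {}
        addr = rc["address"]

        # Nested blocks are encoded as lists in plan JSON.
        md = (after.get("metadata_options") or [{}])[0]
        if md.get("http_tokens") != "required":
            findings.append((addr, "IMDSv2 not enforced (http_tokens != required)"))

        if after.get("associate_public_ip_address") is True:
            findings.append((addr, "public IP address assigned"))
        elif unknown.get("associate_public_ip_address") is True:
            # Computed at apply time: the plan cannot confirm either way.
            findings.append((addr, "public IP unknown until apply; check subnet"))
    return findings


if __name__ == "__main__":
    for addr, msg in review_instances(SAMPLE_PLAN):
        print(f"{addr}: {msg}")
```

Values that appear only under `after_unknown` are resolved at apply time, so they are reported as undetermined rather than as passing.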

Tips & Limitations

  • Provide Context: The more data you provide (HCL files combined with terraform plan output), the more accurate the analysis.
  • No Real-Time Access: Remember that this tool is instruction-only. It cannot access your AWS account directly; it depends entirely on the data you provide.
  • Data Privacy: Ensure you sanitize any sensitive information such as secret keys or proprietary ARNs before pasting. While the AI is robust, treat your plan outputs as sensitive configuration data.
  • Limitations: A terraform plan only shows the intended state. It cannot detect drift or existing misconfigurations that were applied manually outside of your Terraform state.

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-anmolnagpal-terraform-reviewer": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#terraform #security #aws #infrastructure-as-code #devsecops