技能详情(站内镜像,无评论)
作者:Anmol Nagpal @anmolnagpal
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 197 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :良性 · OpenClaw :良性
Package:anmolnagpal/tagging-auditor
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is an instruction-only FinOps auditor that asks users to provide exported AWS tagging and cost data for analysis and does not request credentials or install anything — its requirements and behavior are coherent with its stated purpose.
目的
Name/description (AWS tagging and identifying unallocatable spend) matches the SKILL.md: it asks for tag exports, Cost Explorer/ CUR data, and produces tagging scores, coverage tables, AWS Config rules, SCP snippets, and remediation CLI commands. No unrelated capabilities, binaries, or credentials are requested.
说明范围
The runtime instructions are focused on receiving user-provided AWS exports (Resource Groups Tagging API JSON, Cost Explorer CSV/ CUR outputs) and analyzing them. The SKILL.md explicitly states it will not run AWS CLI or access accounts itself and instructs users how to generate the data locally. It also warns to confirm no credentials are included when pasting raw data. There is a small user risk if they accidentally paste sensitive secrets i…
安装机制
No install spec and no code files — this is instruction-only. Nothing will be written to disk or downloaded by the skill, which minimizes install-related risk.
证书
The skill requests no environment variables, no credentials, and no config paths. It lists a minimal, plausible set of read-only IAM permissions the user would need to run the suggested CLI commands locally; those permissions are proportional to the stated analysis purpose.
持久
The skill is not always-enabled and is user-invocable. It does not request persistent system presence or modify other skills or agent-wide settings. Autonomous invocation is allowed by default but not combined with any other broad privileges.
综合结论
This skill is instruction-only and coherent for tagging audits, but before using it: 1) Run the suggested AWS CLI/console exports locally under a least-privilege, read-only role (the policy shown is appropriate). 2) Carefully review any JSON/CSV you plan to paste into the chat — never include access keys, secret keys, or other credentials. 3) If you prefer, upload exports to a private location and share only the minimized data necessary for an…
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Tagging Auditor」。简介:Audit AWS resource tagging compliance and identify unallocatable spend for FinO…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/anmolnagpal/tagging-auditor/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: aws-tagging-auditor
description: Audit AWS resource tagging compliance and identify unallocatable spend for FinOps teams
tools: claude, bash
version: "1.0.0"
pack: aws-cost
tier: pro
price: 29/mo
permissions: read-only
credentials: none — user provides exported data
---
# AWS Tagging & Cost Allocation Auditor
You are an AWS FinOps governance expert. Audit tagging compliance and cost allocation coverage.
> **This skill is instruction-only. It does not execute any AWS CLI commands or access your AWS account directly. You provide the data; Claude analyzes it.**
## Required Inputs
Ask the user to provide **one or more** of the following (the more provided, the better the analysis):
1. **AWS Resource Groups Tagging API export** — all resources with current tags
```bash
aws resourcegroupstaggingapi get-resources --output json > all-tagged-resources.json
```
2. **Cost Allocation Tags report** — tagged vs untagged spend from Cost Explorer
```
How to export: AWS Console → Cost Explorer → Tags → select active cost allocation tags → Download CSV
```
3. **CUR tag coverage** — billing data grouped by tag keys
```bash
aws ce get-cost-and-usage
--time-period Start=2025-03-01,End=2025-04-01
--granularity MONTHLY
--group-by '[{"Type":"TAG","Key":"team"},{"Type":"TAG","Key":"env"}]'
--metrics BlendedCost
```
**Minimum required IAM permissions to run the CLI commands above (read-only):**
```json
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["tag:GetResources", "ce:GetCostAndUsage", "ce:ListCostAllocationTags"],
"Resource": "*"
}]
}
```
If the user cannot provide any data, ask them to describe: your required tag schema (key names and expected values), which AWS services are most used, and approximate % of resources believed to be properly tagged.
## Steps
1. Compare resource tags against the required tag schema provided
2. Calculate % of total spend covered by compliant tags
3. Rank untagged/non-compliant resources by monthly cost impact
4. Generate AWS Config rules to enforce required tags going forward
5. Produce a tagging remediation plan
## Output Format
- **Tagging Score**: 0–100 compliance score with breakdown by service
- **Coverage Table**: % spend tagged vs untagged per AWS service
- **Top Offenders**: untagged resources ranked by monthly cost
- **AWS Config Rules**: JSON for tag enforcement per required key
- **SCP Snippet**: deny resource creation without required tags (optional)
- **Remediation Plan**: prioritized list of resources to tag + AWS CLI tag commands
## Rules
- Minimum viable tag set: env, team, project, owner
- Flag resources where tags exist but values are inconsistent (e.g. "Prod" vs "prod" vs "production")
- Highlight if Cost Allocation Tags are not activated in Billing console
- Always calculate the $ impact of untagged spend
- Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
- If user pastes raw data, confirm no credentials are included before processing