tf-plan-review
Analyze Terraform plans for risk before you apply. Classifies every change as safe, moderate, dangerous, or critical. Detects destroys, IAM changes, data-los...
Install via ClawdBot CLI:
clawdbot install tkuehnl/tf-plan-review
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions: rm -rf /
Calls external URL not in known-safe list: https://anvil-ai.io
Uses known external API (expected, informational): amazonaws.com
AI Analysis
The skill's core functionality is read-only analysis of Terraform plans, which aligns with its stated purpose and permissions. The flagged signals are expected for a tool that runs `terraform plan` (requires network access to provider APIs) and parses shell-like commands within user-provided configuration files. No evidence of credential harvesting, data exfiltration, or hidden malicious instructions was found.
Generated Mar 1, 2026
A DevOps engineer prepares to apply a Terraform plan to update a production environment. The skill analyzes the plan, flags a critical IAM policy change and a database replace action, preventing a potential security misconfiguration and data loss. It provides a detailed risk breakdown and a clear 'DO NOT APPLY' recommendation with verification steps.
A security team uses the skill to review Terraform plans in a regulated industry (e.g., finance or healthcare) before deployment. It detects unauthorized IAM modifications or deletions of encryption keys, ensuring changes comply with internal policies and regulatory standards like HIPAA or PCI-DSS, and generates an audit-ready risk report.
An SRE investigates unexpected infrastructure behavior by running the skill to compare current state with configuration. It identifies drift, such as manually modified security group rules or deleted resources, classifying each change's risk to prioritize remediation without disrupting services, aiding in maintaining infrastructure consistency.
A team lead integrates the skill into a development workflow to mentor new engineers. When they submit a Terraform plan, the skill provides educational feedback on risk levels (e.g., why a replace action is dangerous), helping them learn best practices and avoid costly mistakes in non-production environments like staging.
A company using OpenTofu for multi-cloud infrastructure (e.g., AWS and Azure) applies the skill to review plans across providers. It assesses cross-resource dependencies and blast radius, flagging critical changes like VPC deletions that could cascade across clouds, ensuring safe and coordinated deployments.
Offer the skill as part of a paid SaaS platform where teams pay a monthly fee per user or project. It integrates with CI/CD pipelines and provides advanced features like historical risk tracking, team collaboration tools, and compliance reporting, generating recurring revenue from enterprises.
Provide professional services where experts use the skill to audit and review client Terraform deployments. This includes custom risk assessments, training workshops, and ongoing support contracts, leveraging the skill as a tool to deliver high-value consulting engagements.
Release a free version of the skill for individual developers with basic risk analysis. Monetize by offering premium tiers for teams, including features like automated policy enforcement, integration with enterprise tools (e.g., Jira, Slack), and priority support, driving upgrades from growing organizations.
💬 Integration Tip
Integrate the skill into CI/CD pipelines by triggering it automatically on pull requests with Terraform changes, providing immediate risk feedback before merging to prevent unsafe deployments.
Scored Apr 19, 2026
Audited Apr 16, 2026 · audit v1.0