Read-only cross-dimension scan of a project's AWS environment. Surfaces issues across app health, infra health, cost, security, reliability, and hygiene, then produces one concise ranked report with recommended actions. Use for a periodic health/risk sweep, before a release, or when the user asks "is anything wrong in AWS?"
Slash command: /aws:report-anomalies
Scan the AWS environment across six dimensions and produce one consolidated, ranked anomaly report. This skill is strictly read-only and never mutates any resource.
Resolve the target environment.
a. Read .claude/aws-profiles.local.json. The top-level keys are the valid
   environment names; each maps to an object with profile and region.
   If that file does not exist, stop immediately and tell the user to run
   /aws:discover to create .claude/aws-profiles.local.json before scanning.
b. If --env was supplied, validate it against the discovered keys.
   If it is not a valid key, stop immediately and report:
   "Unknown environment '<env>'. Valid environments: <name>, <name>, …"
c. If --env was not supplied, ask the user which environment to scan,
   offering ONLY the environments discovered from that file. Never invent or
   assume names (e.g., do not guess "staging").
d. Confirm SSO authentication for the resolved environment:
   node ${CLAUDE_PLUGIN_ROOT}/scripts/awsx.mjs whoami --env <env>
   Stop immediately if authentication fails and report the error.
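The environment-resolution rules in sub-steps a to d above, as an added JavaScript example that is not part of the aws plugin or its awsx.mjs script; the profiles object is constructed, the askUser callback is hypothetical, and the wording of the missing-file error is assumed:

```javascript
// Constructed sample of .claude/aws-profiles.local.json after JSON.parse:
// top-level keys are environment names, each with a profile and region.
const SAMPLE_PROFILES = {
  prod: { profile: "acme-prod", region: "eu-west-1" },
  preview: { profile: "acme-preview", region: "eu-west-1" },
};

// Resolves which environment to scan. `envArg` is the --env value (undefined
// when not supplied); `askUser` is a hypothetical prompt callback that is handed
// ONLY the discovered names, so no environment name can ever be guessed.
// Every failure throws, so the scan stops before any aws command is issued.
function resolveEnvironment(profiles, envArg, askUser) {
  const known = Object.keys(profiles || {});
  if (known.length === 0) {
    // Wording assumed; the skill tells the user to run /aws:discover first.
    throw new Error("No environments discovered. Run /aws:discover to create .claude/aws-profiles.local.json before scanning.");
  }
  const env = envArg === undefined ? askUser(known) : envArg;
  if (!known.includes(env)) {
    throw new Error(`Unknown environment '${env}'. Valid environments: ${known.join(", ")}`);
  }
  const { profile, region } = profiles[env];
  if (!profile || !region) throw new Error(`Environment '${env}' is missing profile or region`);
  return {
    env, profile, region,
    // Sub-step d: the SSO check that must succeed before any scanning starts.
    whoamiCommand: "node ${CLAUDE_PLUGIN_ROOT}/scripts/awsx.mjs whoami --env " + env,
  };
}
```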
Read .claude/aws-stack.md to identify all deployed roles and resource
logical names. Use this file to scope every subsequent query.
For each role in the stack, resolve concrete AWS IDs:
node ${CLAUDE_PLUGIN_ROOT}/scripts/awsx.mjs resolve <role> --env <env> --json
Fan out the six dimension investigations in parallel. All six run
concurrently because they are independent and read-only.

Dimension 1: App health (investigate directly with read-tier aws commands)
- Application metrics for the stack's roles
  (aws cloudwatch get-metric-statistics).
- Stopped ECS tasks: stoppedReason and exit codes
  (aws ecs list-tasks --desired-status STOPPED, then describe-tasks).

Dimension 2: Infra health (investigate directly with read-tier aws commands)
- Alarms currently in ALARM state
  (aws cloudwatch describe-alarms --state-value ALARM).
- Stack status (aws cloudformation describe-stacks).
- Stack drift (aws cloudformation describe-stack-drift-detection-status).

Dimension 3: Cost (delegate to the cost-analyst subagent)
- Scope the analysis to the resources listed in .claude/aws-stack.md.

Dimension 4: Security (delegate to the security-auditor subagent)
- Scope the audit to the resources listed in .claude/aws-stack.md.

Dimension 5: Reliability (investigate directly with read-tier aws commands)
- Service quota check
  (aws service-quotas list-service-quotas and
  aws service-quotas get-aws-default-service-quota).

Dimension 6: Hygiene (investigate directly with read-tier aws commands)
- Certificate expiry (aws acm list-certificates, then describe-certificate).
- Secrets Manager secrets (aws secretsmanager list-secrets).
- IAM user access keys (aws iam list-users, then list-access-keys per user).
- Consistency between AWS and .claude/aws-stack.md:
  aws:discover --env <env> --check
  Report any resources present in AWS but missing from the stack file, or
  vice versa.

If any dimension cannot be checked (insufficient permissions, feature not
enabled, or service not in scope), record that fact explicitly as
"SKIPPED: <reason>" for that dimension rather than omitting it silently.
Consolidate all findings from all six dimensions into one report using the output format below. Do not emit six separate sections with raw data. Map every finding to a severity before writing the report.
Severity mapping:
Sort findings Critical first, then High, Medium, Low. Within each severity level, order by dimension number (1 through 6).
Write the final report as plain text. Use a short table or bullet list per
severity tier. Each finding line must state:
[Dimension] <role/resource logical name> — <problem> → RECOMMENDED ACTION: <action>
Close the report with one summary line:
Overall: <N> Critical, <N> High, <N> Medium, <N> Low — <one-phrase status>
Example: Overall: 0 Critical, 1 High, 3 Medium, 2 Low — review before next release
Example invocations:
/aws:report-anomalies --env prod
/aws:report-anomalies --env preview
Expected output shape (abbreviated):
AWS Anomaly Report — prod — 2026-06-15
CRITICAL
[App Health] api-lambda — error rate 12% in last 1h (threshold 1%) → RECOMMENDED ACTION: check recent deploys and roll back if correlated
HIGH
[Cost] etl-fargate — spend $340 this week vs $180 last week (+89%) → RECOMMENDED ACTION: review ECS task scaling policy
MEDIUM
[Hygiene] api-tls-cert — expires in 18 days → RECOMMENDED ACTION: trigger ACM renewal or update DNS validation record
[Security] etl-bucket — public read ACL enabled → RECOMMENDED ACTION: set bucket ACL to private and enable Block Public Access
LOW
[Infra Health] etl-stack — drift detected on 1 resource → RECOMMENDED ACTION: run cdk diff and re-deploy to reconcile
SKIPPED
[Reliability] Service quota check — insufficient permissions for service-quotas:ListServiceQuotas
Overall: 1 Critical, 1 High, 2 Medium, 1 Low — address critical before next deployment
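The consolidation and report-writing steps (severity ranking, the per-finding line shape, the SKIPPED section and the Overall summary), as an added JavaScript example that is not the plugin's own code; the findings list is constructed to mirror the sample report above, and the one-phrase status is passed in by the caller:

```javascript
const SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"];
const DIMENSION_NAMES = {
  1: "App Health", 2: "Infra Health", 3: "Cost",
  4: "Security", 5: "Reliability", 6: "Hygiene",
};
// Constructed sample findings (not real scan output). An entry with `skipped`
// records why a dimension could not be checked instead of carrying a severity.
const SAMPLE_FINDINGS = [
  { dim: 6, resource: "api-tls-cert", severity: "Medium",
    problem: "expires in 18 days",
    action: "trigger ACM renewal or update DNS validation record" },
  { dim: 1, resource: "api-lambda", severity: "Critical",
    problem: "error rate 12% in last 1h (threshold 1%)",
    action: "check recent deploys and roll back if correlated" },
  { dim: 5, resource: "Service quota check",
    skipped: "insufficient permissions for service-quotas:ListServiceQuotas" },
  { dim: 4, resource: "etl-bucket", severity: "Medium",
    problem: "public read ACL enabled",
    action: "set bucket ACL to private and enable Block Public Access" },
  { dim: 3, resource: "etl-fargate", severity: "High",
    problem: "spend $340 this week vs $180 last week (+89%)",
    action: "review ECS task scaling policy" },
];
// Critical first, then High, Medium, Low; within a tier, dimension 1 before 6.
// filter() returns a copy, so the caller's list is never reordered in place.
function rankFindings(findings) {
  return findings
    .filter((f) => !f.skipped)
    .sort((a, b) =>
      SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity) || a.dim - b.dim);
}
// One finding line in the mandated shape (em dash and arrow as in the spec).
function formatFinding(f) {
  return `[${DIMENSION_NAMES[f.dim]}] ${f.resource} \u2014 ${f.problem} \u2192 RECOMMENDED ACTION: ${f.action}`;
}
function buildReport(env, date, findings, status) {
  const ranked = rankFindings(findings);
  const lines = [`AWS Anomaly Report \u2014 ${env} \u2014 ${date}`];
  for (const sev of SEVERITY_ORDER) {
    const tier = ranked.filter((f) => f.severity === sev);
    if (tier.length) lines.push(sev.toUpperCase(), ...tier.map(formatFinding));
  }
  // Dimensions that could not be checked are listed explicitly, never dropped.
  const skipped = findings.filter((f) => f.skipped);
  if (skipped.length) lines.push("SKIPPED", ...skipped.map((f) => `[${DIMENSION_NAMES[f.dim]}] ${f.resource} \u2014 ${f.skipped}`));
  const counts = SEVERITY_ORDER.map((s) => `${ranked.filter((f) => f.severity === s).length} ${s}`).join(", ");
  lines.push(`Overall: ${counts} \u2014 ${status}`);
  return lines.join("\n");
}
```

Note that the dimension-number rule places the [Security] finding (dimension 4) before [Hygiene] (dimension 6) within the Medium tier, and that an empty tier (Low here) is omitted while still being counted in the Overall line.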
npx claudepluginhub rcrsr/aws