{"id":"abd9605d-771e-4149-bf97-1d7080045fdc","shortId":"VWmA7W","kind":"skill","title":"tf-plan-review","tagline":"Analyze Terraform plans for risk before you apply. Classifies every change as safe, moderate, dangerous, or critical. Detects destroys, IAM changes, data-loss risks, and blast radius. Entirely read-only — never runs apply.","description":"# Terraform Plan Analyzer & Risk Assessor\n\nAnalyze `terraform plan` output and produce an AI-powered risk assessment of every infrastructure change — before you press apply.\n\n**This skill is STRICTLY READ-ONLY.** It runs `terraform plan` and `terraform validate` to analyze changes, but it **NEVER** runs `terraform apply`, `terraform destroy`, `terraform import`, `terraform taint`, or any command that modifies infrastructure or state.\n\n## Activation\n\nThis skill activates when the user mentions:\n- \"terraform plan\", \"tf plan\", \"review plan\", \"plan review\"\n- \"is this plan safe\", \"safe to apply\", \"risk assessment\"\n- \"what will be destroyed\", \"what changes\", \"terraform changes\"\n- \"terraform state\", \"state drift\", \"drift detection\"\n- \"terraform validate\", \"validate config\", \"tf validate\"\n- \"IAM changes\", \"security group changes\", \"infrastructure changes\"\n- \"blast radius\", \"cascade effects\", \"dependencies\"\n- \"tofu plan\", \"opentofu\" (same workflow, different binary)\n\n## Example Prompts\n\n1. \"Review this terraform plan before I apply\"\n2. \"What will be destroyed in this plan?\"\n3. \"Is this plan safe to apply?\"\n4. \"Show me the state drift\"\n5. \"What IAM changes are in this plan?\"\n6. \"Validate my terraform config in ~/infra/prod\"\n7. \"Run a risk assessment on the terraform plan in /deployments/staging\"\n8. \"What's the blast radius if I apply this plan?\"\n\n## Permissions\n\n```yaml\npermissions:\n exec: true # Required to run terraform/tofu CLI\n read: true # Read .tf files and plan output\n write: false # NEVER writes — strictly read-only analysis\n network: true # terraform plan needs provider API access\n```\n\n## Terraform Change Types — What the Agent Must Know\n\nUnderstanding Terraform change types is critical for accurate risk assessment:\n\n### Action Types (from plan JSON)\n\n| Action | Meaning | Risk Profile |\n|--------|---------|-------------|\n| `create` | New resource being added | Generally safe (unless IAM/security) |\n| `update` | Existing resource modified in-place | Moderate (depends on what's changing) |\n| `delete` | Resource being permanently destroyed | **DANGEROUS** — data loss risk |\n| `replace` (`delete` + `create`) | Resource must be destroyed and recreated | **DANGEROUS** — downtime + data loss |\n| `read` | Data source being refreshed | Safe (read-only) |\n| `no-op` | No changes needed | Safe |\n\n### What Makes a Change Dangerous\n\n**Critical (🔴 CRITICAL):**\n- Any destroy/replace of: IAM roles/policies, security groups, KMS keys, secrets, databases (RDS, DynamoDB, Cloud SQL, Azure SQL), S3 buckets, DNS records, WAF rules, CloudTrail\n- Any update to IAM policies, security group rules, encryption settings\n- These changes can cause **data loss**, **security breaches**, or **service outages**\n\n**Dangerous (🟠 DANGEROUS):**\n- Destroy/replace of: EC2 instances, load balancers, ECS/EKS clusters, VPCs, subnets, NAT gateways, Lambda functions, API gateways\n- These changes cause **downtime** and may require manual intervention to recover\n\n**Moderate (🟡 MODERATE):**\n- Updates to: autoscaling policies, monitoring/alerting rules, launch templates\n- Creates of: security-sensitive resources (new IAM roles, new security groups)\n- Changes that affect **capacity** or **observability** but not data integrity\n\n**Safe (🟢 SAFE):**\n- Tag-only updates\n- Creating new non-sensitive resources\n- No-op / read operations\n\n### Replace is Especially Dangerous\n\nWhen Terraform says it must \"replace\" a resource, it means:\n1. **Delete** the existing resource (irreversible)\n2. **Create** a new one with the new configuration\n\nThis is triggered when an immutable attribute changes (e.g., changing RDS `engine_version`, EC2 `ami`, changing a subnet's AZ). The agent should **always flag replaces prominently** because:\n- The old resource (and its data) is destroyed\n- There will be a gap between destroy and create (downtime)\n- Dependent resources may break during the transition\n\n## Agent Workflow\n\nFollow this sequence exactly based on user intent:\n\n### For Plan Analysis (\"review this plan\", \"is it safe\", \"what changes\")\n\n#### Step 1: Run Plan Analysis\n\n```bash\nbash /scripts/tf-plan-review.sh plan \n```\n\nIf no directory specified, use the current working directory.\n\nThe script outputs:\n- **stdout:** Structured JSON with all resource changes, risk classifications, and summary\n- **stderr:** Beautiful Markdown risk report\n\n#### Step 2: Interpret the JSON\n\nParse the JSON output. Key fields:\n\n```json\n{\n \"overall_risk\": \"🔴 CRITICAL | 🔴 HIGH | 🟡 MODERATE | 🟢 LOW\",\n \"summary\": {\n \"create\": 5,\n \"update\": 3,\n \"destroy\": 1,\n \"replace\": 0\n },\n \"risk_breakdown\": {\n \"critical\": 1,\n \"dangerous\": 0,\n \"moderate\": 2,\n \"safe\": 5\n },\n \"resources\": [\n {\n \"address\": \"aws_iam_role.admin\",\n \"action\": \"delete\",\n \"risk\": \"🔴 CRITICAL\"\n }\n ]\n}\n```\n\n#### Step 3: Present the Risk Assessment\n\nShow the Markdown report from stderr. Then add your own AI analysis:\n\n1. **Lead with the overall risk level** — make it viscerally clear\n2. **Highlight destroys and critical changes first** — these are what kill production\n3. **Explain WHY each critical change is dangerous** in plain English\n4. **Assess blast radius** — what other resources depend on the destroyed ones?\n5. **Present the pre-apply checklist** — what should the human verify?\n6. **Give a clear recommendation:** \"Safe to apply\" / \"Review needed\" / \"DO NOT APPLY without ___\"\n\n**Tone guidance for critical plans:**\n- Don't be polite about danger. If a plan destroys a production database, say so bluntly.\n- \"This plan will **permanently delete** your RDS instance `prod-db`. All data will be lost. Do you have a backup?\"\n- Make the \"oh shit\" moment impossible to miss.\n\n### For State Inspection (\"show me state\", \"what's managed\", \"state drift\")\n\n```bash\nbash /scripts/tf-plan-review.sh state \"\" \n```\n\nThe filter is optional — it greps resource addresses. Examples:\n- `bash /scripts/tf-plan-review.sh state \"iam\" .` → all IAM resources\n- `bash /scripts/tf-plan-review.sh state \"aws_instance\" .` → all EC2 instances\n- `bash /scripts/tf-plan-review.sh state \"\" .` → all resources\n\n### For Validation (\"validate config\", \"check syntax\")\n\n```bash\nbash /scripts/tf-plan-review.sh validate \n```\n\nReports configuration errors and warnings without running a plan.\n\n## Environment Variables\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `TF_BINARY` | auto-detect | Override binary: `terraform`, `tofu`, or a path |\n| `TF_PLAN_TIMEOUT` | `600` | Timeout for `terraform plan` in seconds |\n\nThe script auto-detects `terraform` first, then `tofu`. Set `TF_BINARY=tofu` to force OpenTofu.\n\n## Error Handling\n\n| Situation | Behavior |\n|-----------|----------|\n| terraform/tofu not found | JSON error with install links for both |\n| jq not found | JSON error with install link |\n| No .tf files in directory | JSON error: \"No Terraform configuration files found\" |\n| Not initialized | Auto-runs `terraform init` (for plan) or `terraform init -backend=false` (for validate) |\n| Plan fails (provider errors) | Extracts error from plan JSON diagnostics, reports it |\n| Plan timeout | Process killed after TF_PLAN_TIMEOUT seconds |\n| State not found | JSON error explaining no state exists |\n| Empty state | Reports \"State is empty — no managed resources\" |\n\n## Safety — CRITICAL RULES\n\n1. **NEVER run `terraform apply`** — not even with `-auto-approve`, not even with `-target`, not even \"just this one resource\". NEVER.\n2. **NEVER run `terraform destroy`** — not under any circumstances.\n3. **NEVER run `terraform import`** — this modifies state.\n4. **NEVER run `terraform taint` or `terraform untaint`** — these modify state.\n5. **NEVER run `terraform state mv`, `terraform state rm`, or `terraform state push`** — these modify state.\n6. **Never expose cloud credentials** — if they appear in plan output, redact them.\n7. **Handle sensitive values** — Terraform marks values as `(sensitive)`. Never try to reveal them.\n8. **Never cache or store plan output** — plans can contain secrets in resource attributes.\n9. The ONLY terraform commands this skill runs are: `plan`, `show`, `state list`, `state show`, `validate`, `init`, `providers`.\n\nIf the user asks you to apply a plan, respond:\n> \"I can analyze and assess Terraform plans, but I cannot apply them. Applying infrastructure changes requires human review and explicit execution. Based on my analysis, here's what you should verify before running `terraform apply`...\"\n\n## Common Patterns & Agent Tips\n\n### \"Is this plan safe to apply?\"\nRun the plan analysis. If overall_risk is 🟢 LOW:\n> \"This plan looks safe. It creates X new resources with no destroys or security changes. The pre-apply checklist is straightforward.\"\n\nIf overall_risk is 🔴 CRITICAL:\n> \"⚠️ This plan has CRITICAL risk. [Explain specific dangers]. I strongly recommend review by another team member before applying.\"\n\n### \"What will be destroyed?\"\nRun plan, then filter for `action == \"delete\"` or `action == \"replace\"`. Present each with:\n- Resource address\n- Resource type\n- Why it matters (is it stateful? does it have data?)\n- What depends on it\n\n### \"What IAM changes are in this plan?\"\nRun plan, then filter resources matching IAM patterns. For each:\n- What permission is changing\n- Is it adding or removing access\n- Is it overly permissive (e.g., `Action: *`)\n\n### \"Show me the blast radius\"\nRun plan, identify all destroys/replaces, then explain:\n- What other resources reference the destroyed ones\n- What will break when the resource is gone\n- Whether Terraform will auto-fix the dependencies or if manual intervention is needed\n\n### Discord v2 Delivery Mode (OpenClaw v2026.2.14+)\n\nWhen the conversation is happening in a Discord channel:\n\n- Send a compact first summary (overall risk, destroy count, critical resources), then ask if the user wants the full report.\n- Keep the first response under ~1200 characters and avoid large Markdown tables in the first message.\n- If Discord components are available, include quick actions:\n - `Show Critical Changes`\n - `Show Destroyed Resources`\n - `Show Pre-Apply Checklist`\n- If components are not available, provide the same follow-ups as a numbered list.\n- Prefer short follow-up chunks (<=15 lines per message) for large plans.\n\n## Sensitive Data Handling\n\nTerraform plan JSON may contain sensitive values. The script does NOT extract resource attribute values — it only extracts resource addresses, types, and actions. However, when presenting results:\n\n- Never show attribute values marked `(sensitive)` by Terraform\n- Never show provider credentials or backend configuration secrets\n- If a user asks \"what value is changing?\", explain that you can see the change type but sensitive values are redacted by Terraform for security\n- Never store or cache plan output files\n\n## Powered by Anvil AI 🔍","tags":["plan","review","cacheforge","skills","cacheforge-ai","agent-skills","ai-agents","clawhub","devops","discord-v2","kubernetes","openclaw"],"capabilities":["skill","source-cacheforge-ai","skill-tf-plan-review","topic-agent-skills","topic-ai-agents","topic-cacheforge","topic-clawhub","topic-devops","topic-discord-v2","topic-kubernetes","topic-openclaw","topic-prometheus"],"categories":["cacheforge-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/cacheforge-ai/cacheforge-skills/tf-plan-review","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add cacheforge-ai/cacheforge-skills","source_repo":"https://github.com/cacheforge-ai/cacheforge-skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (10,958 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:05.017Z","embedding":null,"createdAt":"2026-05-18T13:14:39.305Z","updatedAt":"2026-05-18T19:09:05.017Z","lastSeenAt":"2026-05-18T19:09:05.017Z","tsv":"'/deployments/staging':222 '/infra/prod':211 '/scripts/tf-plan-review.sh':596,823,835,842,850,862 '0':652,658 '1':168,500,590,650,656,688,1008 '1200':1391 '15':1442 '2':176,506,627,660,699,1030 '3':184,648,671,711,1039 '4':191,722,1047 '5':197,646,662,734,1058 '6':205,746,1074 '600':893 '7':212,1087 '8':223,1101 '9':1115 'access':268,1303 'accur':284 'action':287,292,666,1251,1254,1309,1409,1474 'activ':102,105 'ad':300,1300 'add':683 'address':664,832,1260,1471 'affect':461 'agent':274,536,568,1180 'ai':53,686,1530 'ai-pow':52 'alway':538 'ami':529 'analysi':260,580,593,687,1167,1191 'analyz':5,42,45,80,1145 'anoth':1237 'anvil':1529 'api':267,424 'appear':1081 'appli':12,39,64,87,124,175,190,231,739,753,758,1012,1139,1153,1155,1177,1187,1215,1241,1419 'approv':1018 'ask':1136,1378,1498 'assess':56,126,216,286,675,723,1147 'assessor':44 'attribut':521,1114,1465,1481 'auto':881,903,953,1017,1341 'auto-approv':1016 'auto-detect':880,902 'auto-fix':1340 'auto-run':952 'autosc':441 'avail':1406,1425 'avoid':1394 'aw':844 'aws_iam_role.admin':665 'az':534 'azur':378 'backend':962,1492 'backup':801 'balanc':415 'base':574,1164 'bash':594,595,821,822,834,841,849,860,861 'beauti':622 'behavior':919 'binari':165,879,884,911 'blast':31,154,227,724,1313 'blunt':780 'breach':404 'break':564,1331 'breakdown':654 'bucket':381 'cach':1103,1523 'cannot':1152 'capac':462 'cascad':156 'caus':400,428 'chang':15,25,60,81,132,134,148,151,153,200,270,279,317,353,359,398,427,459,522,524,530,588,616,704,716,1157,1211,1279,1297,1412,1502,1509 'channel':1365 'charact':1392 'check':858 'checklist':740,1216,1420 'chunk':1441 'circumst':1038 'classif':618 'classifi':13 'clear':698,749 'cli':243 'cloud':376,1077 'cloudtrail':386 'cluster':417 'command':96,1119 'common':1178 'compact':1368 'compon':1404,1422 'config':144,209,857 'configur':514,865,947,1493 'contain':1110,1456 'convers':1359 'count':1374 'creat':296,329,447,475,507,559,645,1202 'credenti':1078,1490 'critic':21,282,361,362,640,655,669,703,715,763,1006,1223,1227,1375,1411 'current':604 'danger':19,323,336,360,408,409,489,657,718,770,1231 'data':27,324,338,341,401,467,548,793,1272,1450 'data-loss':26 'databas':373,777 'db':791 'default':876 'delet':318,328,501,667,785,1252 'deliveri':1353 'depend':158,313,561,729,1274,1344 'descript':877 'destroy':23,89,130,180,322,333,550,557,649,701,732,774,1034,1208,1245,1327,1373,1414 'destroy/replace':364,410 'destroys/replaces':1319 'detect':22,140,882,904 'diagnost':975 'differ':164 'directori':600,606,942 'discord':1351,1364,1403 'dns':382 'downtim':337,429,560 'drift':138,139,196,820 'dynamodb':375 'e.g':523,1308 'ec2':412,528,847 'ecs/eks':416 'effect':157 'empti':996,1001 'encrypt':395 'engin':526 'english':721 'entir':33 'environ':873 'error':866,916,924,934,944,969,971,991 'especi':488 'even':1014,1020,1024 'everi':14,58 'exact':573 'exampl':166,833 'exec':237 'execut':1163 'exist':306,503,995 'explain':712,992,1229,1321,1503 'explicit':1162 'expos':1076 'extract':970,1463,1469 'fail':967 'fals':253,963 'field':636 'file':248,940,948,1526 'filter':826,1249,1287 'first':705,906,1369,1388,1400 'fix':1342 'flag':539 'follow':570,1430,1439 'follow-up':1429,1438 'forc':914 'found':922,932,949,989 'full':1384 'function':423 'gap':555 'gateway':421,425 'general':301 'give':747 'gone':1336 'grep':830 'group':150,369,393,458 'guidanc':761 'handl':917,1088,1451 'happen':1361 'high':641 'highlight':700 'howev':1475 'human':744,1159 'iam':24,147,199,366,390,454,837,839,1278,1290 'iam/security':304 'identifi':1317 'immut':520 'import':91,1043 'imposs':807 'in-plac':309 'includ':1407 'infrastructur':59,99,152,1156 'init':956,961,1131 'initi':951 'inspect':812 'instal':926,936 'instanc':413,788,845,848 'integr':468 'intent':577 'interpret':628 'intervent':434,1348 'irrevers':505 'jq':930 'json':291,612,630,633,637,923,933,943,974,990,1454 'keep':1386 'key':371,635 'kill':709,981 'kms':370 'know':276 'lambda':422 'larg':1395,1447 'launch':445 'lead':689 'level':694 'line':1443 'link':927,937 'list':1127,1435 'load':414 'look':1199 'loss':28,325,339,402 'lost':796 'low':643,1196 'make':357,695,802 'manag':818,1003 'manual':433,1347 'mark':1092,1483 'markdown':623,678,1396 'match':1289 'matter':1265 'may':431,563,1455 'mean':293,499 'member':1239 'mention':109 'messag':1401,1445 'miss':809 'mode':1354 'moder':18,312,437,438,642,659 'modifi':98,308,1045,1056,1072 'moment':806 'monitoring/alerting':443 'must':275,331,494 'mv':1063 'nat':420 'need':265,354,755,1350 'network':261 'never':37,84,254,1009,1029,1031,1040,1048,1059,1075,1096,1102,1479,1487,1520 'new':297,453,456,476,509,513,1204 'no-op':349,481 'non':478 'non-sensit':477 'number':1434 'observ':464 'oh':804 'old':544 'one':510,733,1027,1328 'op':351,483 'openclaw':1355 'opentofu':161,915 'oper':485 'option':828 'outag':407 'output':48,251,609,634,1084,1107,1525 'over':1306 'overal':638,692,1193,1220,1371 'overrid':883 'pars':631 'path':889 'pattern':1179,1291 'per':1444 'perman':321,784 'permiss':234,236,1295,1307 'place':311 'plain':720 'plan':3,7,41,47,75,111,113,115,116,120,160,172,183,187,204,220,233,250,264,290,579,583,592,597,764,773,782,872,891,897,958,966,973,978,984,1083,1106,1108,1124,1141,1149,1184,1190,1198,1225,1247,1283,1285,1316,1448,1453,1524 'polici':391,442 'polit':768 'power':54,1527 'pre':738,1214,1418 'pre-appli':737,1213,1417 'prefer':1436 'present':672,735,1256,1477 'press':63 'process':980 'prod':790 'prod-db':789 'produc':50 'product':710,776 'profil':295 'promin':541 'prompt':167 'provid':266,968,1132,1426,1489 'push':1070 'quick':1408 'radius':32,155,228,725,1314 'rds':374,525,787 'read':35,70,244,246,258,340,347,484 'read-on':34,69,257,346 'recommend':750,1234 'record':383 'recov':436 'recreat':335 'redact':1085,1515 'refer':1325 'refresh':344 'remov':1302 'replac':327,486,495,540,651,1255 'report':625,679,864,976,998,1385 'requir':239,432,1158 'resourc':298,307,319,330,452,480,497,504,545,562,615,663,728,831,840,853,1004,1028,1113,1205,1259,1261,1288,1324,1334,1376,1415,1464,1470 'respond':1142 'respons':1389 'result':1478 'reveal':1099 'review':4,114,117,169,581,754,1160,1235 'risk':9,29,43,55,125,215,285,294,326,617,624,639,653,668,674,693,1194,1221,1228,1372 'rm':1066 'role':455 'roles/policies':367 'rule':385,394,444,1007 'run':38,73,85,213,241,591,870,954,1010,1032,1041,1049,1060,1122,1175,1188,1246,1284,1315 's3':380 'safe':17,121,122,188,302,345,355,469,470,586,661,751,1185,1200 'safeti':1005 'say':492,778 'script':608,901,1460 'second':899,986 'secret':372,1111,1494 'secur':149,368,392,403,450,457,1210,1519 'security-sensit':449 'see':1507 'send':1366 'sensit':451,479,1089,1095,1449,1457,1484,1512 'sequenc':572 'servic':406 'set':396,909 'shit':805 'short':1437 'show':192,676,813,1125,1129,1310,1410,1413,1416,1480,1488 'situat':918 'skill':66,104,1121 'skill-tf-plan-review' 'sourc':342 'source-cacheforge-ai' 'specif':1230 'specifi':601 'sql':377,379 'state':101,136,137,195,811,815,819,824,836,843,851,987,994,997,999,1046,1057,1062,1065,1069,1073,1126,1128,1268 'stderr':621,681 'stdout':610 'step':589,626,670 'store':1105,1521 'straightforward':1218 'strict':68,256 'strong':1233 'structur':611 'subnet':419,532 'summari':620,644,1370 'syntax':859 'tabl':1397 'tag':472 'tag-on':471 'taint':93,1051 'target':1022 'team':1238 'templat':446 'terraform':6,40,46,74,77,86,88,90,92,110,133,135,141,171,208,219,263,269,278,491,885,896,905,946,955,960,1011,1033,1042,1050,1053,1061,1064,1068,1091,1118,1148,1176,1338,1452,1486,1517 'terraform/tofu':242,920 'tf':2,112,145,247,878,890,910,939,983 'tf-plan-review':1 'timeout':892,894,979,985 'tip':1181 'tofu':159,886,908,912 'tone':760 'topic-agent-skills' 'topic-ai-agents' 'topic-cacheforge' 'topic-clawhub' 'topic-devops' 'topic-discord-v2' 'topic-kubernetes' 'topic-openclaw' 'topic-prometheus' 'transit':567 'tri':1097 'trigger':517 'true':238,245,262 'type':271,280,288,1262,1472,1510 'understand':277 'unless':303 'untaint':1054 'up':1431 'updat':305,388,439,474,647 'use':602 'user':108,576,1135,1381,1497 'v2':1352 'v2026.2.14':1356 'valid':78,142,143,146,206,855,856,863,965,1130 'valu':1090,1093,1458,1466,1482,1500,1513 'variabl':874,875 'verifi':745,1173 'version':527 'viscer':697 'vpcs':418 'waf':384 'want':1382 'warn':868 'whether':1337 'without':759,869 'work':605 'workflow':163,569 'write':252,255 'x':1203 'yaml':235","prices":[{"id":"fc2b8dcb-c361-4b71-97ef-a6991e996add","listingId":"abd9605d-771e-4149-bf97-1d7080045fdc","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"cacheforge-ai","category":"cacheforge-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:14:39.305Z"}],"sources":[{"listingId":"abd9605d-771e-4149-bf97-1d7080045fdc","source":"github","sourceId":"cacheforge-ai/cacheforge-skills/tf-plan-review","sourceUrl":"https://github.com/cacheforge-ai/cacheforge-skills/tree/main/skills/tf-plan-review","isPrimary":false,"firstSeenAt":"2026-05-18T13:14:39.305Z","lastSeenAt":"2026-05-18T19:09:05.017Z"}],"details":{"listingId":"abd9605d-771e-4149-bf97-1d7080045fdc","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"cacheforge-ai","slug":"tf-plan-review","github":{"repo":"cacheforge-ai/cacheforge-skills","stars":8,"topics":["agent-skills","ai-agents","cacheforge","clawhub","devops","discord-v2","kubernetes","openclaw","prometheus"],"license":"mit","html_url":"https://github.com/cacheforge-ai/cacheforge-skills","pushed_at":"2026-02-22T20:49:48Z","description":"⚡ SOTA agent skills for OpenClaw — observability, security, code quality, incident response, and more. Built by Anvil AI.","skill_md_sha":"c525e38d6b64459ef5f95b7064377e88b63d6ebb","skill_md_path":"skills/tf-plan-review/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/cacheforge-ai/cacheforge-skills/tree/main/skills/tf-plan-review"},"layout":"multi","source":"github","category":"cacheforge-skills","frontmatter":{"name":"tf-plan-review","description":"Analyze Terraform plans for risk before you apply. Classifies every change as safe, moderate, dangerous, or critical. Detects destroys, IAM changes, data-loss risks, and blast radius. Entirely read-only — never runs apply."},"skills_sh_url":"https://skills.sh/cacheforge-ai/cacheforge-skills/tf-plan-review"},"updatedAt":"2026-05-18T19:09:05.017Z"}}