KiloClawPowered by OpenClaw
Back to Cookbook
OpenClaw recipe

Terraform Plan Risk-Rated Reviewer

aka “Plan Whisperer

Spot the destroy hiding in 2,000 lines of Terraform plan

Runs terraform plan, parses the JSON output, and gives you a risk-rated summary. Flags resource deletions, replacements, and security-sensitive changes (IAM, security groups, databases) so you catch the dangerous stuff before it hits production.

House RecipeWork2 min
Try in KiloClawFree 7-day trial

INGREDIENTS

🐙GitHub

PROMPT

Create a skill called "Plan Whisperer". When I point you at a Terraform directory, run `terraform plan -out=tfplan && terraform show -json tfplan` and analyze the JSON output. Categorize every resource change by risk: - CRITICAL: any destroy or replace action - HIGH: changes to IAM, security groups, databases, encryption, DNS - MEDIUM: updates to compute, networking, storage configuration - LOW: creates, tag-only changes, output changes For each CRITICAL and HIGH change, explain what will happen in plain English and flag if it could cause downtime. Calculate the blast radius (dependent resources). Generate a concise summary suitable for a PR comment, plus a detailed breakdown I can expand if needed.

How It Works

Instead of scrolling through hundreds of lines of plan output looking for

the one `forces replacement` that's going to take down your database, this

skill categorizes every change by risk level and surfaces the scary stuff first.

What You Get

  • Risk-rated plan summary: destroy (critical) → replace (high) → update (medium) → create (low)
  • Highlighted security-sensitive changes (IAM, security groups, encryption settings)
  • Blast radius analysis: which other resources depend on changed resources
  • Database and stateful resource change warnings
  • One-line summary suitable for a PR comment
  • Full breakdown available on request

Setup Steps

  1. Ensure Terraform is initialized in your working directory
  2. Ask your Claw to review the plan for a given directory or workspace
  3. Review the risk-rated summary
  4. Drill into any flagged changes for details

Tips

  • Works by running `terraform plan -out=tfplan` and parsing `terraform show -json tfplan`
  • Can compare plans across workspaces to catch environment drift
  • Ask it to generate the PR comment format for your team's review process
  • Pairs well with environment drift detection for cross-env consistency checks
Tags:#terraform#iac#devops#code-review

Related Recipes

Drift Hunter

Find out who made that "quick fix" in the AWS console

Runs Terraform drift checks across your workspaces and surfaces everything that's drifted from your declared state. Catches manual console changes, forgot-to-import resources, and environment inconsistencies before they cause the next outage.

Work3 min

Context Switching Guardrails

Protect deep work without ignoring urgent realities

Reduce productivity loss from interruptions by setting focus windows, defining urgency criteria, and batching shallow work (reviews, chat, triage) into predictable blocks.

Work12 min

Source Hunter

Real sources, named experts, actual quotes

Deep research that finds primary sources with named individuals, community sentiment from Reddit/HN/X, and news coverage. No summaries of summaries — actual quotes with URLs.

Creative1 min

CLAWBITE AI

Local-first AI assistant that automates small daily tasks safely on your device

A personal, local-first AI assistant that automates small daily tasks—organizing files, setting reminders, and monitoring system events—without touching sensitive data or taking risky actions without your approval.

Personal5 min