terraform-module-linter

Lint Terraform modules and configurations (.tf files) with 24 rules across four categories: structure, naming, security, and best practices. Supports HCL syntax parsing.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "terraform-module-linter" with this command: npx skills add charlie-morrison/terraform-module-linter

Terraform Module Linter

Lint Terraform .tf files and modules for structure, naming conventions, security issues, and best practices.

Commands

# Lint a Terraform directory (all rules)
python3 scripts/terraform_module_linter.py lint path/to/module/

# Check security issues only
python3 scripts/terraform_module_linter.py security path/to/module/

# Check naming conventions
python3 scripts/terraform_module_linter.py naming path/to/module/

# Validate module structure
python3 scripts/terraform_module_linter.py validate path/to/module/

# Lint a single file
python3 scripts/terraform_module_linter.py lint path/to/main.tf

# JSON output
python3 scripts/terraform_module_linter.py lint path/to/module/ --format json

# Summary only
python3 scripts/terraform_module_linter.py lint path/to/module/ --format summary

Rules (24)

Structure (6)

  • Missing main.tf, variables.tf, or outputs.tf
  • Missing terraform block with required_version
  • Missing required_providers block
  • Empty variable/output blocks
  • Unused variables (declared but not referenced)
  • Missing variable descriptions

Naming (6)

  • Resource names must be snake_case
  • Variable names must be snake_case
  • Output names must be snake_case
  • Module names must be snake_case
  • Local names must be snake_case
  • Data source names must be snake_case

Security (6)

  • Hardcoded credentials/secrets in values
  • Overly permissive IAM policies (*)
  • Missing encryption configuration
  • Public access enabled (public_access, publicly_accessible)
  • Hardcoded IP addresses (0.0.0.0/0)
  • Sensitive variables without sensitive flag

Best Practices (6)

  • Missing variable type constraints
  • Missing variable default values
  • Missing output descriptions
  • Using deprecated resource attributes
  • Missing lifecycle blocks for stateful resources
  • Missing tags on taggable resources

Output Formats

  • text (default): Human-readable with colors and severity icons
  • json: Machine-readable with file, line, rule, severity, message
  • summary: Counts by severity only

Exit Codes

  • 0: No issues (or warnings only)
  • 1: Errors found
  • 2: Invalid input

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
