Cyber Kev Triage

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent CVE triage helper with no evidence of exfiltration or malicious behavior. Two points to be aware of: it writes a report to a caller-specified path (creating parent directories as needed), and its --dry-run flag does not suppress that write, so the help text is slightly misleading.

This skill looks safe for its intended use. Provide only the vulnerability and asset data you want included in the report, and point --output at a dedicated file or folder rather than an existing file you care about. Do not expect --dry-run to avoid creating an output artifact.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at an existing or sensitive path, the script could overwrite or create local report files there.

Why it was flagged

The helper writes to a caller-specified output path and can create parent directories. This is expected for a triage report generator, but users should choose the output location intentionally.

Skill content
parser.add_argument("--output", required=True, help="Path to output artifact.") ... output_path.parent.mkdir(parents=True, exist_ok=True) ... output_path.write_text(json.dumps(result, indent=2), encoding="utf-8")
Recommendation

Use a dedicated report/output directory and avoid pointing --output at important existing files.

What this means

A user who expects --dry-run to avoid all file writes may still get an output file created or overwritten.

Why it was flagged

The CLI help says dry-run has no side effects, but the main flow still calls render and writes the output artifact. This appears to be a minor wording/behavior mismatch rather than hidden malicious behavior.

Skill content
parser.add_argument("--dry-run", action="store_true", help="Run without side effects.") ... render(result, Path(args.output), args.format)
Recommendation

Do not rely on --dry-run to suppress output creation; treat it as a report flag unless the implementation is changed.
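The two findings above describe the same small pattern: an --output argument that is written to unconditionally, and a --dry-run flag that only changes the help text. The following is an added example, not the skill's own code, showing how a triage report writer can honor both. It keeps the --output and --dry-run flag names quoted in the findings; the --output-dir and --force flags, the resolve_output and is_safe_output helpers, and the sample result dictionary are assumptions introduced for this example. The output path is resolved and must stay inside a report directory, an existing file is overwritten only with --force, and render() skips the write entirely when dry_run is set.

```python
import argparse
import json
from pathlib import Path


def build_parser() -> argparse.ArgumentParser:
    # --output and --dry-run mirror the flags quoted in the findings;
    # --output-dir and --force are hypothetical additions for this example.
    parser = argparse.ArgumentParser(description="Example triage report writer")
    parser.add_argument("--output", required=True, help="Path to output artifact.")
    parser.add_argument("--output-dir", default="reports",
                        help="Directory the output artifact must stay inside.")
    parser.add_argument("--dry-run", action="store_true",
                        help="Render the report but write nothing to disk.")
    parser.add_argument("--force", action="store_true",
                        help="Allow overwriting an existing output file.")
    return parser


def resolve_output(output: str, output_dir: str, force: bool) -> Path:
    """Return a safe output path or raise ValueError.

    The path is resolved (symlinks and '..' collapsed) and must stay inside
    output_dir, so '--output ../../.bashrc' is rejected. An existing file is
    only overwritten when force is True, and a directory is never a target.
    """
    base = Path(output_dir).resolve()
    candidate = Path(output)
    target = candidate.resolve() if candidate.is_absolute() else (base / candidate).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"refusing to write outside {base}: {target}")
    if target == base or target.is_dir():
        raise ValueError(f"{target} is a directory, not a file")
    if target.exists() and not force:
        raise ValueError(f"{target} exists; pass --force to overwrite")
    return target


def is_safe_output(output: str, output_dir: str, force: bool) -> bool:
    """Boolean wrapper around resolve_output for callers that just want a verdict."""
    try:
        resolve_output(output, output_dir, force)
        return True
    except ValueError:
        return False


def render(result: dict, output, dry_run: bool) -> str:
    """Serialize the result; touch the filesystem only when dry_run is False."""
    text = json.dumps(result, indent=2)
    if dry_run:
        return text
    output = Path(output)
    output.parent.mkdir(parents=True, exist_ok=True)
    output.write_text(text, encoding="utf-8")
    return text


def main(argv=None) -> int:
    args = build_parser().parse_args(argv)
    # Constructed sample result standing in for the real triage output.
    result = {"cve": "CVE-0000-0000", "assets": ["host-a"], "priority": "review"}
    try:
        target = resolve_output(args.output, args.output_dir, args.force)
    except ValueError as exc:
        print(f"error: {exc}")
        return 2
    text = render(result, target, args.dry_run)
    if args.dry_run:
        print(text)
        print(f"(dry run) would have written {target}")
    else:
        print(f"wrote {target}")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

With this shape, `--dry-run` prints the rendered report and the path it would have used, which is what a user reading "Run without side effects." expects, and a path such as `--output ../../.bashrc` is refused before anything is created.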