Soc2 Evidence Collector
Pass. Audited by ClawScan on May 1, 2026.
Overview
This instruction-only SOC2 helper is purpose-aligned, but its generated scripts and evidence packages may handle sensitive cloud, identity, security, and audit data.
This looks like a normal instruction-only SOC2 evidence collection skill. Before installing or using it, confirm that any generated scripts are read-only, scoped to your audit boundary, and reviewed by someone familiar with your AWS, GitHub, and IdP environments. Treat generated evidence packages as sensitive audit material.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running generated scripts could query production or administrative systems and collect sensitive evidence.
The skill is expected to generate automation that interacts with production cloud, source-control, and identity systems. This is disclosed and purpose-aligned, but generated scripts should be reviewed before use.
Evidence quoted from the skill: Creates automated collection scripts for AWS, GitHub, and IdP platforms
Review generated scripts before execution, run them with read-only or least-privilege credentials, and limit them to the systems in audit scope.
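The review step recommended above can be partly mechanised before any credential is handed over. The following Python is an added example, not code from the skill or from ClawScan: it inventories every AWS CLI, boto3 and `gh api` call a generated script would make and flags operations whose names are not read-only, so the reviewer sees writes (S3 uploads, IAM policy changes, GitHub mutations) before running anything. The sample scripts it checks are constructed here for illustration; the read-only prefix list and the treatment of `gh api` body flags are the author's assumptions, and the tool is a triage aid, not a replacement for a least-privilege IAM policy on the credentials actually used.

```python
"""Pre-execution triage of a generated SOC 2 collection script.

Lists every AWS CLI, boto3 and `gh api` call the script would make and flags
the ones whose operation name is not read-only, so a reviewer sees writes
before the script is handed real credentials.
"""
import re
from dataclasses import dataclass

# Operation-name prefixes treated as read-only. The list deliberately errs toward
# flagging: `iam generate-credential-report` is flagged although audit roles
# commonly permit it; the reviewer, not the script, decides.
READ_ONLY_PREFIXES = ("get", "list", "describe", "head", "lookup", "batch-get", "batch_get")
READ_ONLY_EXACT = {"ls"}

AWS_CLI = re.compile(r"\baws\s+(?P<svc>[a-z0-9-]+)\s+(?P<op>[a-z][a-z0-9-]*)")
# `var = boto3.client("svc")`; clients created via boto3.Session().client() are not tracked
BOTO3_CLIENT = re.compile(r"(?P<var>\w+)\s*=\s*boto3\.client\(\s*['\"](?P<svc>[a-z0-9-]+)['\"]")
GH_API = re.compile(r"\bgh\s+api\b(?P<rest>.*)")
GH_METHOD = re.compile(r"(?:-X|--method)[\s=]+(?P<m>[A-Za-z]+)")
# Any request-body flag turns `gh api` from its default GET into a POST unless -X is given
GH_BODY_FLAGS = re.compile(r"(?:^|\s)(?:-f|-F|--field|--raw-field|--input)\b")


def is_read_only(op: str) -> bool:
    op = op.lower()
    return op in READ_ONLY_EXACT or op.startswith(READ_ONLY_PREFIXES)


@dataclass(frozen=True)
class Call:
    line_no: int
    tool: str        # "aws-cli", "boto3" or "gh-api"
    operation: str   # "iam:list-users", "s3:put_object", "DELETE", ...
    read_only: bool


def audit_script(text: str) -> list:
    """Return every recognised API call in the script, in source order."""
    clients = {m.group("var"): m.group("svc") for m in BOTO3_CLIENT.finditer(text)}
    boto3_call = None
    if clients:  # only methods on tracked clients count, so json.dumps() etc. are ignored
        names = "|".join(re.escape(v) for v in clients)
        boto3_call = re.compile(rf"\b(?P<var>{names})\.(?P<op>[a-z][a-z0-9_]*)\(")

    calls = []
    for n, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop trailing comments (shell and Python alike)
        for m in AWS_CLI.finditer(code):
            op = m.group("op")
            calls.append(Call(n, "aws-cli", f"{m.group('svc')}:{op}", is_read_only(op)))
        if boto3_call:
            for m in boto3_call.finditer(code):
                op = m.group("op")
                calls.append(Call(n, "boto3", f"{clients[m.group('var')]}:{op}", is_read_only(op)))
        for m in GH_API.finditer(code):
            rest = m.group("rest")
            meth = GH_METHOD.search(rest)
            if meth:
                method = meth.group("m").upper()
            else:
                method = "POST" if GH_BODY_FLAGS.search(rest) else "GET"
            calls.append(Call(n, "gh-api", method, method in ("GET", "HEAD")))
    return calls


def flagged(calls: list) -> list:
    return [c for c in calls if not c.read_only]


def summary(text: str) -> str:
    calls = audit_script(text)
    bad = flagged(calls)
    lines = [f"{len(calls)} API calls, {len(bad)} not read-only"]
    lines += [f"  line {c.line_no}: {c.tool} {c.operation}" for c in bad]
    return "\n".join(lines)


# Constructed samples of what a generated collector might look like; not from the skill.
SAMPLE_SH = """#!/bin/bash
set -euo pipefail
aws sts get-caller-identity --output json > evidence/identity.json
aws iam list-users --output json > evidence/iam-users.json
aws iam get-account-password-policy > evidence/password-policy.json
aws iam generate-credential-report        # creates the report: flagged for review
aws s3api get-bucket-logging --bucket audit-logs > evidence/s3-logging.json
aws s3 cp evidence/ s3://shared-drop/ --recursive   # writes evidence outside the boundary
gh api repos/acme/app/branches/main/protection > evidence/branch-protection.json
gh api repos/acme/app/actions/secrets -f name=X       # -f makes this a POST
gh api -X DELETE repos/acme/app/branches/stale
"""

SAMPLE_PY = """import boto3, json
iam = boto3.client("iam")
s3 = boto3.client("s3")
users = iam.list_users()["Users"]
for u in users:
    u["Policies"] = iam.list_attached_user_policies(UserName=u["UserName"])["AttachedPolicies"]
json.dump(users, open("evidence/iam.json", "w"))
iam.put_user_policy(UserName="auditor", PolicyName="x", PolicyDocument="{}")  # writes IAM
s3.put_object(Bucket="shared-drop", Key="iam.json", Body=json.dumps(users))  # writes outside boundary
"""

if __name__ == "__main__":
    print(summary(SAMPLE_SH))
    print(summary(SAMPLE_PY))
```

Run it over each generated script and treat every flagged line as a question for the person who owns that system: either the operation is removed, or it is justified in the audit working papers and the executing role is granted exactly that action and nothing broader.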
Evidence exports may reveal who has access to systems, what privileges they have, and how identity controls are configured.
The skill explicitly targets identity and access-management evidence. That is normal for SOC2, but it involves privileged account and role information.
Evidence quoted from the skill's collection table: Access control matrix | IdP / IAM console | Export user-role mappings
Use scoped read-only access, avoid broad admin tokens where possible, and redact unnecessary personal or security-sensitive details before sharing evidence.
The resulting package may contain sensitive reports, logs, access records, incident details, or privacy-related data.
Audit evidence packages can persist collected security, operational, identity, and privacy information for later reuse or sharing.
Evidence quoted from the skill: produce audit-ready evidence packages
Store generated evidence packages securely, restrict access to the audit team, apply retention limits, and redact secrets or unrelated personal data.
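The redaction and retention advice in this finding and in the access-control finding above comes down to the same packaging step, shown here as one added Python example that is not code from the skill or from ClawScan. It takes a raw user-role export, keeps only an allowlisted set of fields the access control matrix needs (the allowlist is an assumption for this example; the audit team decides the real one), masks secret-shaped strings that tend to leak into free-text fields, records which fields were dropped so the reviewer can see what was withheld, and stamps the package with a retention date. The sample rows are constructed for illustration and use AWS's documented example access key ID.

```python
"""Redact and stamp a user-role export before it goes into an evidence package."""
import json
import re
from datetime import date, timedelta

# Fields the access control matrix needs (assumption for this example; the audit
# team decides the real list). Everything else in the export is dropped.
KEEP_FIELDS = {"user", "roles", "mfa_enabled", "last_login", "justification", "source"}

# Secret-shaped strings that leak into free-text fields get masked in kept values.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS long-term access key ID
    re.compile(r"ghp_[A-Za-z0-9]{36}"),                    # GitHub classic personal access token
    re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/-]{20,}=*"),  # bearer tokens copied from headers
]

# Constructed rows in the shape an IdP/IAM user-role export might take; not data from the skill.
RAW_EXPORT = [
    {"user": "alice", "email": "alice@example.com", "roles": ["AdministratorAccess"],
     "mfa_enabled": True, "last_login": "2026-04-28", "phone": "+1 555 0100",
     "justification": "break-glass admin; temporary key AKIAIOSFODNN7EXAMPLE issued for IR-2026-04",
     "source": "aws-iam"},
    {"user": "ci-deploy", "email": "platform@example.com", "roles": ["ReadOnlyAccess", "DeployRole"],
     "mfa_enabled": False, "last_login": "2026-04-30", "home_address": "12 Sample St",
     "justification": "CI service account; token ghp_" + "a" * 36 + " rotated quarterly",
     "source": "aws-iam"},
]


def scrub_secrets(value):
    """Mask secret-looking substrings in strings, recursing into lists and dicts."""
    if isinstance(value, str):
        for pat in SECRET_PATTERNS:
            value = pat.sub("[REDACTED]", value)
        return value
    if isinstance(value, list):
        return [scrub_secrets(v) for v in value]
    if isinstance(value, dict):
        return {k: scrub_secrets(v) for k, v in value.items()}
    return value


def redact_record(row: dict) -> dict:
    """Keep only allowlisted fields, with secrets masked in what is kept."""
    return {k: scrub_secrets(v) for k, v in row.items() if k in KEEP_FIELDS}


def build_package(rows: list, collected_on: date, retention_days: int = 365) -> dict:
    """Assemble the evidence item with provenance, retention limit and a dropped-field list."""
    dropped = sorted({k for r in rows for k in r} - KEEP_FIELDS)
    return {
        "control": "Access control matrix",
        "collected_on": collected_on.isoformat(),
        "retain_until": (collected_on + timedelta(days=retention_days)).isoformat(),
        "fields_dropped": dropped,          # visible to the reviewer, so withholding is auditable too
        "record_count": len(rows),
        "records": [redact_record(r) for r in rows],
    }


if __name__ == "__main__":
    print(json.dumps(build_package(RAW_EXPORT, date(2026, 5, 1)), indent=2))
```

The `fields_dropped` list matters as much as the records: an auditor who sees that `email` and `phone` were withheld can ask for them under a controlled channel if needed, whereas silently removed fields look like an incomplete export. Pair the package with the access restrictions and retention limit recommended above; the `retain_until` stamp only helps if something enforces it.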
