Soc2 Evidence Collector
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the items below describe what the skill is designed to do, not observed behaviour.
Running generated scripts could query production or administrative systems and collect sensitive evidence.
The skill is expected to generate automation that interacts with important cloud, source-control, and identity systems. This is disclosed and purpose-aligned, but generated scripts should be reviewed before use.
Evidence: "Creates automated collection scripts for AWS, GitHub, and IdP platforms"
Recommendation: Review generated scripts before execution, run them with read-only or least-privilege credentials, and limit them to the systems in audit scope.
Evidence exports may reveal who has access to systems, what privileges they have, and how identity controls are configured.
The skill explicitly targets identity and access-management evidence. That is normal for SOC2, but it involves privileged account and role information.
Evidence: "Access control matrix | IdP / IAM console | Export user-role mappings"
Recommendation: Use scoped read-only access, avoid broad admin tokens where possible, and redact unnecessary personal or security-sensitive details before sharing evidence.
The resulting package may contain sensitive reports, logs, access records, incident details, or privacy-related data.
Audit evidence packages can persist collected security, operational, identity, and privacy information for later reuse or sharing.
Evidence: "produce audit-ready evidence packages"
Recommendation: Store generated evidence packages securely, restrict access to the audit team, apply retention limits, and redact secrets or unrelated personal data.
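The three recommendations above (least-privilege collector credentials, scoped access-control-matrix export, redaction and retention on the resulting package) can be checked mechanically. The following is an added example written for this review; it is not ClawScan's code and not the skill's generated script. It works entirely on constructed inline data shaped like the AWS IAM GetAccountAuthorizationDetails response, so nothing is fetched from AWS, and the collector policy, account IDs, user names and scope set are all hypothetical.

```python
"""Added example (not ClawScan's or the skill's own code).

Checks a collector credential policy for non-read actions, builds an
access-control matrix limited to in-scope accounts, redacts account IDs
and e-mail addresses, and wraps the result in a package manifest with a
hash and a retention date. All input data is constructed inline.
"""
import hashlib
import json
import re
from datetime import date, timedelta

# Constructed stand-in for iam:GetAccountAuthorizationDetails output.
# Field names mirror the AWS response shape; every value is made up.
SAMPLE_IAM = {
    "UserDetailList": [
        {"UserName": "alice", "Arn": "arn:aws:iam::123456789012:user/alice",
         "GroupList": ["Admins"],
         "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess"}]},
        {"UserName": "bob", "Arn": "arn:aws:iam::123456789012:user/bob",
         "GroupList": ["Developers"],
         "AttachedManagedPolicies": [{"PolicyName": "ReadOnlyAccess"}]},
        # Out-of-scope account: must not appear in the evidence package.
        {"UserName": "svc-ci", "Arn": "arn:aws:iam::999999999999:user/svc-ci",
         "GroupList": [],
         "AttachedManagedPolicies": [{"PolicyName": "PowerUserAccess"}]},
    ],
    "GroupDetailList": [
        {"GroupName": "Admins",
         "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess"}]},
        {"GroupName": "Developers",
         "AttachedManagedPolicies": [{"PolicyName": "AmazonS3ReadOnlyAccess"}]},
    ],
}

# Hypothetical policy attached to the collector's own credentials.
# GenerateCredentialReport is deliberately included: it is not a Get/List/
# Describe call, so the read-only check below should flag it for review.
COLLECTOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["iam:GetAccountAuthorizationDetails",
                              "iam:ListUsers",
                              "iam:GenerateCredentialReport"],
                   "Resource": "*"}],
}

READ_PREFIXES = ("Get", "List", "Describe")


def non_read_actions(policy):
    """Return Allow actions that are wildcards or not Get/List/Describe."""
    flagged = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            _, _, verb = action.partition(":")
            if "*" in action or not verb.startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged


def access_matrix(details, in_scope_accounts):
    """Flatten users to effective managed policies (direct plus via groups),
    keeping only principals whose account is in the audit scope."""
    group_policies = {g["GroupName"]: [p["PolicyName"] for p in g["AttachedManagedPolicies"]]
                      for g in details["GroupDetailList"]}
    rows = []
    for user in details["UserDetailList"]:
        account = user["Arn"].split(":")[4]
        if account not in in_scope_accounts:
            continue
        policies = {p["PolicyName"] for p in user["AttachedManagedPolicies"]}
        for group in user["GroupList"]:
            policies.update(group_policies.get(group, []))
        rows.append({"user": user["UserName"], "account": account,
                     "groups": sorted(user["GroupList"]), "policies": sorted(policies)})
    return rows


ACCOUNT_ID = re.compile(r"\b\d{12}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def redact(text):
    """Mask 12-digit account IDs (keep last four) and e-mail addresses."""
    text = ACCOUNT_ID.sub(lambda m: "****" + m.group()[-4:], text)
    return EMAIL.sub("[redacted-email]", text)


def build_package(details, in_scope_accounts, retention_days=365):
    """Produce one evidence artifact with integrity hash and retention date."""
    body = redact(json.dumps(access_matrix(details, in_scope_accounts),
                             indent=2, sort_keys=True))
    today = date.today()
    return {
        "artifact": "access_control_matrix.json",
        "content": body,
        "sha256": hashlib.sha256(body.encode()).hexdigest(),
        "collected_on": today.isoformat(),
        "delete_after": (today + timedelta(days=retention_days)).isoformat(),
        "scope_accounts": sorted("****" + a[-4:] for a in in_scope_accounts),
    }


if __name__ == "__main__":
    print("Non-read actions in collector policy:", non_read_actions(COLLECTOR_POLICY))
    print(json.dumps(build_package(SAMPLE_IAM, {"123456789012"}), indent=2))
```

The read-only check is a prefix allowlist, so it also flags `iam:*` and similar wildcards; treat anything it reports as a reason to hand the script back for review rather than as proof of harm. The account-ID masking deliberately keeps the last four digits so the auditor can still correlate rows across artifacts without the package carrying full identifiers.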
