ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

runbook-generator

v1.0.0

Runbook Generator

0· 251·4 current·4 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (runbook generator) matches the instructions: scanning a codebase, detecting stack components, and producing runbooks. The kinds of checks and templates (deployment, incident response, DB maintenance) are consistent with the stated goal.
!
Instruction Scope
SKILL.md instructs scanning repository files (ls, grep, git log) which is expected, but also includes concrete shell commands that assume access to credentials and runtime tools (psql, npx prisma, vercel CLI, curl with TEST_TOKEN). It includes potentially destructive operations (prisma migrate reset) and production rollbacks without explicit safeguards or confirmation steps. The guidance gives agents broad discretion to run admin commands that could modify production state.
Install Mechanism
Instruction-only skill with no install spec or downloaded artifacts, which is low risk from an installation perspective.
!
Credentials
SKILL.md references many credential-like environment variables and tokens (DATABASE_URL, STAGING_DATABASE_URL, PROD_DATABASE_URL, TEST_TOKEN, PagerDuty/Slack contacts) but the skill declares no required env vars. It also assumes availability of CLIs and access to production secrets. Requesting or using production credentials is disproportionate for an automatically invoked agent unless explicit human approval and least-privilege controls are in place.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request permanent platform-wide presence or modify other skills. However, autonomous invocation combined with the instruction issues above increases risk, so consider limiting autonomy or requiring human confirmation before executing commands.
What to consider before installing
This skill appears to do what it says (generate runbooks from a repo), but its runtime instructions assume access to repository files, various CLIs (git, jq, psql, prisma, vercel), and sensitive environment variables (production/staging DB URLs, test tokens, PagerDuty/Slack contacts) that are NOT declared. Before installing or enabling it: (1) do NOT provide production credentials to the skill; test only on a copy of the repo or in staging; (2) require explicit human approval before any command that can change state (migrations, resets, rollbacks); (3) restrict agent autonomy (disable automatic execution of destructive steps) or add a confirmation/approval step in the workflow; (4) ensure the runtime environment has the necessary CLIs if you intend to use the command examples, or treat the outputs as templates for a human to execute; (5) consider asking the skill author to declare required env vars and binaries and to add non-destructive dry-run defaults. If you need absolute safety, avoid giving the agent any secrets and only use it for read-only analysis and draft runbook generation.

Like a lobster shell, security has layers — review code before you run it.

latestvk977am62mzj98s3atvn9ydb00182qjzb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments