Senior Devops
Pass
Audited by ClawScan on May 10, 2026.
Overview
No malicious behavior is evident, but the DevOps documentation overstates the bundled placeholder scripts and includes production deployment examples that should be reviewed carefully.
This skill does not show malicious behavior in the supplied files, but its scripts look like placeholders while the documentation describes production-grade DevOps actions. Review and test any generated commands or pipeline changes before using them, especially in production or cloud environments.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If similar commands are run against real systems, they could change or roll back production deployments.
The documented workflow includes production deployment commands, which are high-impact DevOps actions even though they are aligned with the skill's stated purpose and are presented as user-run examples.
python scripts/deployment_manager.py deploy \
  --env=staging|production \
  --image=app:1.2.3 \
  --strategy=blue-green|rolling
Use explicit user approval, test in staging first, review generated commands or pipeline changes, and ensure cloud/IAM permissions are narrowly scoped.
A user may rely on the skill for DevOps automation or safety checks that the supplied scripts do not actually perform.
The bundled script appears to be a placeholder that reports success without implementing the advertised pipeline generation behavior, so users could over-trust the skill's capability claims.
# Main logic here
self.results['status'] = 'success'
self.results['target'] = str(self.target_path)
self.results['findings'] = []
Treat the scripts as unverified scaffolding, inspect and test them before use, and do not rely on the advertised deploy, rollback, or Terraform behavior until it is actually implemented.
