Skill v1.0.0

ClawScan security

Activity Log Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 4, 2026, 11:04 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only analyzer that asks users to paste exported Azure Activity Log and Sentinel data for offline analysis — its requirements and instructions are coherent with that purpose.
Guidance
This skill appears coherent and safe as an instruction-only analyzer, but be careful with what you paste: Activity Logs and Sentinel exports often contain sensitive resource IDs, user principals, IP addresses, and other telemetry. Before sharing, remove or redact any secrets, keys, access tokens, or highly sensitive identifiers, and prefer sharing only the time windows and filtered high-risk events needed for analysis. Note the SKILL.md header lists tools including 'bash' but the prose says it will not execute Azure CLI or access your account — confirm you are interacting with a read-only, non-executing agent instance (or run the analysis locally) if you do not want any commands executed. Finally, do not share credentials; if you need help running exports, run the az CLI locally under a read-only account and paste only the exported files after sanitization.

Review Dimensions

Purpose & Capability
ok: Name/description match the requested inputs and outputs: the skill asks the user to provide Activity Log and Sentinel exports and describes the analysis it will perform. It does not request unrelated credentials, binaries, or cloud access.
Instruction Scope
note: SKILL.md stays within scope: it instructs the user how to export logs, what events to look for, analysis steps, and output format. It appropriately warns users not to provide credentials and to confirm exported data contains no secrets. Note: pasted logs can include sensitive identifiers, IPs, and user principals — the skill relies on users to sanitize data before sharing.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. Nothing will be written to disk or installed by the skill itself.
Credentials
ok: The skill declares no required environment variables, no primary credential, and no config paths. The RBAC role shown is documentation for users who run the example CLI themselves — it does not ask for elevated or unrelated credentials.
Persistence & Privilege
ok: The skill does not request always:true or any persistent privileges. It is user-invocable and allows autonomous invocation by default (platform default), but it does not request credentials or system-level configuration changes.