ClawHub
Back to skill
v1.0.0

Bandwidth Optimizer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

This instruction-only Azure cost-analysis skill appears purpose-aligned, but users should be aware it asks for Azure cost and network inventory data.

GuidanceBefore using this skill, make sure the Azure exports or CLI outputs do not include secrets, run any Azure CLI commands only against the subscription you intend to analyze, and prefer the narrowest read-only access that still provides the needed cost and network data.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
tools: claude, bash ... az consumption usage list ... az network vnet list --output json

The skill declares bash and documents Azure CLI commands that can query cloud cost and network data. The commands are read-only and user-directed, so this is a notice rather than a concern.

User impactIf you run the examples, you may generate Azure subscription cost and network inventory output to share with the agent.
RecommendationRun the commands only in the intended Azure tenant/subscription and review or redact output before pasting it into the chat.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
"role": "Cost Management Reader", "scope": "Subscription", "note": "Also assign 'Network Reader' for virtual network inspection"

The skill recommends subscription-scope read-only Azure roles so the user can collect the requested data. This is aligned with bandwidth optimization, but it is broad visibility into cloud billing and topology.

User impactA user with these roles can view sensitive Azure cost and network configuration information across the chosen subscription.
RecommendationUse the least practical scope, keep access read-only, and provide only the exported fields needed for the analysis.