v1.0.0

Entra Id Auditor

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:24 AM.

Analysis

This appears to be a read-only Entra ID audit guide, but it handles sensitive tenant identity exports that should only be shared by authorized users.

Guidance: Before installing or using this skill, make sure you are authorized to export Entra ID data, inspect the exports for accidental credentials or secrets, and review any remediation commands manually before applying them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low. Confidence: High. Status: Note.
SKILL.md
az role assignment list --output json > role-assignments.json ... az ad app list --output json ... Remediation Steps: PowerShell / Graph API commands per finding

The skill documents Azure CLI export commands and may generate remediation commands. The artifacts frame these as user-directed and do not instruct automatic execution.

User impact: If copied and run, export commands collect tenant information, and remediation commands could change identity or access settings.
Recommendation: Review all generated commands before running them, test remediation steps in a safe process, and avoid granting the agent direct execution access unless explicitly intended.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
"role": "Global Reader", "scope": "Azure AD Tenant", "note": "Also assign 'Security Reader' for Conditional Access and Identity Protection"

The audit relies on tenant-wide read roles and sensitive Entra ID exports. This is purpose-aligned and disclosed, but users should understand the breadth of directory data involved.

User impact: Sharing these exports can reveal privileged users, app permissions, Conditional Access gaps, and other sensitive identity-security details.
Recommendation: Only run the exports from an authorized account, share the minimum needed fields, and remove any accidental secrets or unnecessary personal data before analysis.