Skill v1.0.0
ClawScan security
Guardduty Explainer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 2:52 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only GuardDuty findings explainer that asks users to paste exported GuardDuty JSON and produces human-readable summaries and suggested CLI remediation; its requirements and instructions are coherent with its stated purpose.
- Guidance: This skill appears coherent and useful, but follow these precautions before using it: (1) Never paste AWS credentials, secret keys, or long logs that might contain secrets; scrub findings first. (2) Treat any generated AWS CLI commands as suggestions: review and run them from a trusted shell with appropriate permissions (prefer least-privilege, staging, or read-only where possible). (3) Validate suggested containment/remediation steps against your organization's runbooks and incident response policies. (4) For bulk or sensitive findings, consider sharing only minimally redacted JSON or using internal tools to extract the relevant fields before pasting.
Review Dimensions
- Purpose & Capability: ok. The name/description match the behavior: it asks for GuardDuty JSON and produces explanations and playbooks. It does not request credentials, unrelated environment variables, or unexpected binaries. Example AWS CLI commands and minimal read-only IAM actions are appropriate for the stated task.
- Instruction Scope: ok. SKILL.md confines runtime actions to analyzing user-provided GuardDuty JSON and producing outputs (alerts, playbooks, suggested AWS CLI commands). It explicitly states it will not call AWS or require credentials and instructs the agent to confirm pasted data contains no credentials before processing.
- Install Mechanism: ok. No install spec or code files are present; the skill is instruction-only so there is no disk install risk.
- Credentials: ok. No environment variables, config paths, or credentials are requested. The minimal IAM permissions shown are read-only and are appropriate examples for retrieving findings; the skill instructs users not to share keys.
- Persistence & Privilege: ok. always is false, no privileged persistent presence is requested, and the skill does not modify other skills or system-wide settings.
