Iam Policy Auditor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If the agent asks to run shell commands while using this skill, that would go beyond the documented policy-review workflow and should be checked first.
Why it was flagged
The skill declares bash availability, which is a broad local execution capability, although the body only describes analyzing IAM policy text and does not instruct any shell commands.
Skill content
tools: claude, bash
Recommendation
Use it primarily with user-provided IAM policy JSON and only approve shell commands if they are clearly necessary and scoped to the audit task.