Skill v1.0.0

ClawScan security

Reservations Hybrid Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 11:44 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions align with its stated purpose: it asks users to provide exported Azure usage/reservation reports and does not request credentials or software installation, so it is internally coherent.
Guidance
This skill appears coherent: it asks you to provide exported Azure reports or CLI output and explicitly avoids requesting credentials. Before using it: (1) do not paste any secrets, tokens, or full access keys; remove or redact any field that looks like a key, token, or SAS signature; (2) sanitize PII and subscription IDs if you do not want them shared; (3) prefer exporting read-only reports (CSV/JSON) from the Portal, or run the az CLI locally under a least-privileged identity (Cost Management Reader + Reader) and paste only the results; (4) confirm the skill's claimed savings percentages and recommendations in the Azure Portal or with an authorized Azure partner before purchasing reservations; (5) if you are concerned about the 'bash' tool listed in the header, ask the skill to confirm it will not attempt remote access, and bear in mind that such a confirmation is not an enforcement control: the binding limit is the tool access your host actually grants the skill. If you need higher assurance, run the analysis offline (locally) or share only aggregated or sanitized data.
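Doing the redaction in points (1) and (2) by hand on a large export is error-prone. The following Python script is an added example, not code from the skill or from ClawHub: it sanitizes a JSON or CSV export before you paste it, dropping fields whose names indicate credentials or the subscription ID, rewriting subscription IDs embedded in resource paths, and masking strings shaped like Azure AD JWTs, 64-byte storage account keys and SAS signatures, while leaving reservation and resource GUIDs intact so the analysis can still join on them. The field names, secret patterns and sample records are assumptions about typical exports, not taken from the skill.

```python
"""Redact credentials and subscription IDs from exported Azure usage/reservation
data before pasting it into a third-party skill.  Added example; the key names,
patterns and sample data are assumptions about what typical exports contain."""
import csv
import io
import json
import re
from typing import Any

REDACTED = "<redacted>"
GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"

# Field names whose values are never needed for cost analysis (assumption: extend for your exports).
SENSITIVE_KEY = re.compile(r"secret|token|password|accesskey|access_key|connectionstring|credential|apikey", re.I)
# Field names that carry the subscription identifier as a bare value.
SUBSCRIPTION_KEY = re.compile(r"subscription(id|guid)", re.I)

# Heuristic value patterns (assumption): name -> (regex, replacement).  Reservation and
# resource GUIDs are deliberately left alone because the analysis needs to join on them.
VALUE_PATTERNS = {
    "subscription ID in resource path": (re.compile(r"(/subscriptions/)" + GUID, re.I), r"\1<redacted-subscription>"),
    "Azure AD JWT": (re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"), "<redacted-jwt>"),
    "storage account key (64-byte base64)": (re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{86}=="), "<redacted-storage-key>"),
    "SAS signature": (re.compile(r"([?&]sig=)[^&\s<]+"), r"\1<redacted-sas-signature>"),
}


def redact_text(value: str) -> str:
    """Rewrite secret-shaped substrings inside a free-text value."""
    for pattern, replacement in VALUE_PATTERNS.values():
        value = pattern.sub(replacement, value)
    return value


def sanitize(obj: Any, key: str = "") -> Any:
    """Recursively sanitize parsed JSON (or one CSV row as a dict); returns a new structure."""
    if SENSITIVE_KEY.search(key) or SUBSCRIPTION_KEY.search(key):
        return REDACTED                      # drop the whole value, whatever its type
    if isinstance(obj, dict):
        return {k: sanitize(v, k) for k, v in obj.items()}
    if isinstance(obj, list):
        return [sanitize(v, key) for v in obj]
    if isinstance(obj, str):
        return redact_text(obj)
    return obj                               # numbers, booleans, None pass through


def sanitize_json_text(text: str) -> str:
    return json.dumps(sanitize(json.loads(text)), indent=2)


def sanitize_csv_text(text: str) -> str:
    """Same treatment for a Portal CSV export: header kept, each row sanitized by column name."""
    reader = csv.DictReader(io.StringIO(text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow(sanitize(row))
    return out.getvalue()


def residual_findings(obj: Any, path: str = "$", key: str = "") -> list[str]:
    """Second pass to run on the sanitized output: anything reported here must not be pasted."""
    findings: list[str] = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            findings += residual_findings(v, f"{path}.{k}", k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            findings += residual_findings(v, f"{path}[{i}]", key)
    elif (SENSITIVE_KEY.search(key) or SUBSCRIPTION_KEY.search(key)) and obj != REDACTED:
        findings.append(f"{path}: sensitive field still populated")
    elif isinstance(obj, str):
        findings += [f"{path}: looks like a {name}" for name, (p, _) in VALUE_PATTERNS.items() if p.search(obj)]
    return findings


# Constructed sample shaped like a reservation-utilization export; every identifier is fake.
SAMPLE_EXPORT = {
    "subscriptionId": "11111111-2222-3333-4444-555555555555",
    "reservationOrderId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "rows": [{
        "instanceId": "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/prod"
                      "/providers/Microsoft.Compute/virtualMachines/vm01",
        "usedHours": 744.0,
        "exportUrl": "https://acct.blob.core.windows.net/exports/usage.csv?sv=2022-11-02&se=2026-04-01&sig=AbCd%2Fxyz%3D",
    }],
    "accessKey": "A" * 86 + "==",
    "notes": "debug: bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ4In0.c2lnbmF0dXJl and key " + "B" * 86 + "== were logged",
}

SAMPLE_CSV = (
    "SubscriptionGuid,ReservationId,ResourceId,Quantity\n"
    "11111111-2222-3333-4444-555555555555,aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,"
    "/subscriptions/11111111-2222-3333-4444-555555555555/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/vm01,744\n"
)

if __name__ == "__main__":
    clean = sanitize(SAMPLE_EXPORT)
    print(json.dumps(clean, indent=2))
    print(sanitize_csv_text(SAMPLE_CSV))
    print("residual findings:", residual_findings(clean) or "none")
```

Run it against the real export (json.load on the file, or read the CSV text) and paste only the output, and only when residual_findings on that output returns an empty list. The pattern list is a heuristic second line of defence after removing known secret columns; it is not proof that nothing sensitive remains.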

Review Dimensions

Purpose & Capability
ok · Name/description match the runtime instructions: the skill analyzes reservation utilization, consumption history, and Hybrid Benefit eligibility to recommend commitments. It does not request unrelated credentials, binaries, or system paths. The suggested Azure RBAC roles (Cost Management Reader + Reader) are appropriate for the data the skill asks users to export.
Instruction Scope
note · SKILL.md stays within scope: it asks the user to export CSV/JSON reports or run read-only az CLI commands and to paste those outputs. It explicitly states it will not execute CLI commands or access the Azure account directly and instructs users to confirm no credentials are included before pasting raw data. Minor inconsistency: the SKILL.md header lists 'bash' as a tool while the prose emphasizes 'instruction-only' operation; clarify that the skill will not run bash remotely and only provides command examples for users to run locally.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded by the skill itself.
Credentials
ok · No environment variables, credentials, or config paths are requested. The skill explicitly says 'never ask for credentials' and only requests exported data or console/CLI output, which is proportionate for cost analysis.
Persistence & Privilege
ok · The 'always' flag is false and the skill does not request persistent system presence or modify other skills. Autonomous model invocation is allowed (platform default) but not combined with other red flags.