Skill v1.0.0
ClawScan security
Security Group Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 3, 2026, 11:44 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only auditor that asks users to paste read-only AWS CLI exports for analysis and does not request credentials or install code — its requirements and instructions are coherent with the stated purpose.
- Guidance: This skill is instruction-only and does not ask for your AWS credentials, which is good. Before installing or using it: (1) Run the listed aws CLI commands yourself and share only the exported JSON the skill requests, not any credentials or environment files. (2) Review and redact any sensitive metadata you don't want analyzed or exposed (for example internal hostnames, exact public IPs, account IDs) — the guidance already warns to confirm no credentials are included. (3) If you prefer higher privacy, extract only the fields you want analyzed (rules, CIDRs, ports, SG IDs) rather than pasting whole outputs. (4) Because the agent can be invoked autonomously (normal default), be mindful when enabling any skill that will run without explicit step-by-step confirmation; consider limiting usage to interactive/manual sessions if you want tighter control.
Review Dimensions
- Purpose & Capability (ok): The name and description (audit AWS security groups/VPCs) match the runtime instructions: the skill asks the user to provide exported AWS EC2/VPC/security-group JSON outputs and performs analysis on them. It does not request unrelated credentials, binaries, or resources.
- Instruction Scope (note): The SKILL.md correctly instructs the user to run read-only AWS CLI commands and to paste their outputs. This stays within the stated purpose, but user-provided exports can contain sensitive metadata (public/private IPs, instance IDs, hostnames, AZs, subnet IDs). The skill explicitly says it will not execute CLI calls or request credentials and asks users to confirm no credentials are included before processing — good practice. Users should still sanitize/redact any information they don't want analyzed or shared.
- Install Mechanism (ok): No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk model and proportionate for an auditor that works on user-provided exports.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. The declared minimum IAM permissions are only in the README as guidance for the user to collect exports — they are read-only describe actions and appropriate for the stated purpose.
- Persistence & Privilege (ok): The skill does not request permanent presence (always: false). Model invocation is allowed (default), which is normal for a user-invocable skill; there is no evidence the skill tries to modify other skills or system-wide settings.
