Skill v1.0.0

ClawScan security

Storage Exposure Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 6:25 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (audit Azure Storage exposure) is reasonable and mostly aligned with its instructions, but some checks require data the skill doesn't properly request or would force a user to reveal sensitive secrets (SAS keys/rotation), and there are minor inconsistencies in the required role guidance — proceed with caution.
Guidance
This skill is generally coherent for a human-assisted audit: it tells you how to run az commands and paste JSON outputs for analysis. Before using it, confirm these points:
1) Do not paste storage account keys, connection strings, or raw SAS tokens; the skill warns against this, and you should redact them or avoid including them.
2) For checks like key rotation age, SAS usage, or diagnostic logging, prefer running local scripts/az commands that emit only non-sensitive metadata (e.g., timestamps, booleans, counts) and paste those results instead of secrets; ask the skill author for exact safe commands if unsure.
3) Use the least-privilege roles to collect data (Reader + Storage Blob Data Reader for listing containers).
4) If you must share logs or evidence, scrub or redact secrets first and consider sharing in a secure channel.
5) Because the SKILL.md mixes role guidance and includes checks that normally need logs/keys, ask the author for clarified, explicit commands that return only safe indicators before pasting anything from your environment. If the author cannot provide safe extraction commands, run the analysis locally or with a trusted security auditor instead.
Findings
[regex_scanner_no_findings_instruction_only] expected: No code files were present and the static regex scanner had nothing to analyze; this is expected for an instruction-only skill. Absence of findings does not imply the instructions are free from risky guidance.

Review Dimensions

Purpose & Capability
note: Name and description match the instructions: it asks users to paste CLI output about storage accounts/containers and will analyze that. The skill explicitly states it will not access Azure directly and won't request credentials. Minor inconsistency: the SKILL.md suggests 'Storage Account Contributor' as the minimum RBAC role in a JSON blob but elsewhere correctly notes 'Reader' and 'Storage Blob Data Reader' as minimums for specific queries. This role guidance should be clarified but is not a major red flag.
Instruction Scope
concern: The SKILL.md correctly asks the user to provide az CLI JSON outputs for account/container/network settings, which is appropriate. However, several listed checks (shared key rotation age, SAS token permissiveness and usage, diagnostic logging and activity logs) cannot be reliably determined from the three example az queries alone. Performing those checks would either require additional (potentially sensitive) data, e.g., storage account keys, SAS tokens, or activity/diagnostic logs, or local preprocessing to extract safe metadata. The skill warns not to ask for credentials and to confirm no secrets, but it does not provide safe, explicit commands or templates for extracting only non-sensitive indicators (e.g., age of last key rotation as a timestamp rather than raw keys). That gap could lead users to accidentally paste secrets.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. Low operational risk from the install mechanism because nothing is downloaded or executed by the platform itself.
Credentials
concern: The skill requests no environment variables, credentials, or config paths, which is appropriate. But because several checks imply examining keys, SAS tokens, or logs, there is a risk the user might be asked to paste sensitive data. The skill includes wording that it will not ask for credentials and to confirm no credentials are present, which mitigates risk somewhat but does not eliminate the ambiguity about how to provide the metadata needed for certain checks without exposing secrets.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It does not write config or request persistent presence. Autonomous invocation remains enabled by default, but that is normal and not by itself a red flag here.