Skillv1.0.0

ClawScan security

Tagging Auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 10:06 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only FinOps auditor that asks users to provide exported AWS tagging and cost data for analysis and does not request credentials or install anything — its requirements and behavior are coherent with its stated purpose.
Guidance: This skill is instruction-only and coherent for tagging audits, but before using it: 1) Run the suggested AWS CLI/console exports locally under a least-privilege, read-only role (the policy shown is appropriate). 2) Carefully review any JSON/CSV you plan to paste into the chat — never include access keys, secret keys, or other credentials. 3) If you prefer, upload exports to a private location and share only the minimized data necessary for analysis (resource IDs, tags, and cost figures) rather than full raw files. 4) If you are unsure whether an export contains sensitive info, open it in a local editor and redact anything sensitive before sharing. Following these steps keeps your account credentials and high-sensitivity details safe while still allowing the skill to analyze tagging and spend coverage.

Review Dimensions

Purpose & Capability: okName/description (AWS tagging and identifying unallocatable spend) matches the SKILL.md: it asks for tag exports, Cost Explorer/ CUR data, and produces tagging scores, coverage tables, AWS Config rules, SCP snippets, and remediation CLI commands. No unrelated capabilities, binaries, or credentials are requested.
Instruction Scope: okThe runtime instructions are focused on receiving user-provided AWS exports (Resource Groups Tagging API JSON, Cost Explorer CSV/ CUR outputs) and analyzing them. The SKILL.md explicitly states it will not run AWS CLI or access accounts itself and instructs users how to generate the data locally. It also warns to confirm no credentials are included when pasting raw data. There is a small user risk if they accidentally paste sensitive secrets in provided data, but the instructions acknowledge and attempt to mitigate that.
Install Mechanism: okNo install spec and no code files — this is instruction-only. Nothing will be written to disk or downloaded by the skill, which minimizes install-related risk.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. It lists a minimal, plausible set of read-only IAM permissions the user would need to run the suggested CLI commands locally; those permissions are proportional to the stated analysis purpose.
Persistence & Privilege: okThe skill is not always-enabled and is user-invocable. It does not request persistent system presence or modify other skills or agent-wide settings. Autonomous invocation is allowed by default but not combined with any other broad privileges.