v1.0.0

Expanso log-sanitize

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:34 AM.

Analysis

The core log redaction is coherent, but review is recommended because MCP mode opens an unauthenticated all-interface HTTP listener for sensitive logs and the docs include an optional remote cloud deployment path.

GuidanceUse the local CLI mode for sensitive logs unless you intentionally need a server. If using MCP mode, bind it to localhost, restrict network access, and stop the process when finished. Avoid the cloud deployment path unless you are comfortable with Expanso Cloud handling the workflow and have verified the remote pipeline source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

- Expanso Edge installed (`expanso-edge` binary in PATH); Install via: `clawhub install expanso-edge`; expanso-cli job deploy https://skills.expanso.io/log-sanitize/pipeline-cli.yaml

The skill depends on an external runtime and documents an optional cloud deployment from a remote URL, while the registry declares no required binaries or install spec. This is aligned with the Expanso pipeline purpose, but the runtime and remote pipeline provenance should be checked.

User impactUsers may install or deploy components that were not represented in the registry requirements, and the remote cloud-deploy URL may not be identical to the local reviewed pipeline files.

RecommendationInstall Expanso tools only from trusted sources, prefer deploying the reviewed local pipeline file where possible, pin or verify remote artifacts, and update metadata to declare the required runtime.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

pipeline-mcp.yaml

http.enabled: true; address: 0.0.0.0:${PORT:-8080}; http_server path: /sanitize; allowed_verbs: [POST]

The MCP/HTTP sanitizer binds to all network interfaces and exposes a POST endpoint, while the artifact does not show authentication or a localhost-only default. Because the expected inputs are sensitive logs, this broadens the data boundary.

User impactIf the MCP mode is started, the sanitizer service may be reachable beyond the local agent or host, increasing exposure of sensitive log-processing traffic and allowing unintended network use of the endpoint.

RecommendationBind the server to 127.0.0.1 by default, add authentication or firewall guidance, document TLS/network assumptions, and provide clear instructions for stopping the background service.