Skill v0.1.0

ClawScan security

Incident Hotfix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 4:16 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill is coherent for incident hotfix workflows, but its evidence-capture step reads and writes environment variables (including GITHUB_*), which can inadvertently expose sensitive tokens and is not declared in the metadata.
Guidance
This skill looks like a legitimate incident-hotfix helper, but review and limit its evidence capture before use. Specific recommendations:

- Inspect scripts locally before running. The capture script writes env-safe.txt including any variables starting with GITHUB_ (which can include tokens).
- Run the scripts only in a trusted environment (no live secrets in process env), or modify scripts to exclude token-like variables (e.g., filter out *_TOKEN, *PASSWORD, GITHUB_TOKEN).
- Do not push docs/incidents/.../evidence/ to remote without reviewing its contents; add the evidence directory to .gitignore or ensure it is stored in a secure artifact store instead of the repo.
- If you accidentally capture secrets, rotate them immediately (e.g., GitHub tokens).
- If you want the skill to be safer, request the author to: (1) avoid capturing GITHUB_* by default, (2) redact token-like values, and (3) document explicit data-handling and retention policies in SKILL.md.

Given these issues the skill is coherent but potentially exposes secrets unless adjusted — treat as suspicious until mitigations are applied.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, and scripts all align: they create a hotfix branch, seed incident docs, run lightweight git operations, and collect a focused evidence bundle. No unrelated network endpoints or unusual binaries are requested.

Instruction Scope
concern: The SKILL.md instructs running scripts that capture a local environment snapshot and git metadata into docs/incidents/<id>/evidence/. Capturing environment variables is within triage scope, but the included script indiscriminately greps for variables with prefix GITHUB_ (and other patterns) and writes them to a file in the repository; that can store secrets (e.g., GITHUB_TOKEN, GH_* tokens) in plain text in the repo. The instructions do not warn about sanitizing or excluding secrets, or about not committing the evidence folder.

Install Mechanism
ok: No install spec; this is instruction + small scripts only. No downloads or external installs are performed by the skill itself.

Credentials
concern: The metadata declares no required environment variables, but scripts read the environment and capture variables matching '^(NODE_ENV|ENV|APP_ENV|CI|GITHUB_)'. That mismatch (no declared env but runtime reading of env) is a proportionality concern because it may copy sensitive variables into project files without explicit consent or declaration.

Persistence & Privilege
ok: The skill does not request always-on presence or modify other skills. It writes files and branches inside the repository (TIMELINE.md, ROLLBACK.md, ACTIONS.md, evidence/), which is expected behavior for a hotfix workflow but requires repository write access to take effect.