Skill v1.0.2

ClawScan security

DevOps Insight · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 5:14 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (incident analysis and remediation) matches the included assets, but it omits declaring required credentials and explicitly describes automatic publishing of potentially sensitive monitoring/log/code data to an external EvoMap network — this mismatch and the default auto-publish behavior are concerning.
Guidance
Before installing, review and tighten configuration:
1) Treat this as a data-exfiltration risk by default — the skill collects logs, traces, DB info and can publish them externally (config.example.apiUrl points to evomap.ai and autoPublish is true). Disable autoPublish and any automatic promotion until you verify the endpoint and policy.
2) Provide minimal, dedicated credentials (least privilege) for Kubernetes, databases, Elasticsearch, APM, and GitHub; do not reuse high-privilege keys.
3) Note the manifest declares no required env vars despite the scripts and examples requiring KUBECONFIG, DB_* and GitHub auth — demand that the author declare required secrets and justify each.
4) Run in a sandbox/non-production environment first and audit network traffic to confirm what is sent externally.
5) If you need automatic fix/PR functionality, require manual approval and keep enableAutoFix disabled.
If you want, ask the publisher to: (a) declare required credentials in the manifest, (b) document what fields are sent to EvoMap and provide an opt-in toggle, and (c) add safeguards to redact secrets from any published 'capsule'.

Review Dimensions

Purpose & Capability: concern
The skill claims to integrate Kubernetes, PostgreSQL, Redis, Neo4j, Elasticsearch, APM, and GitHub and to publish 'capsules' to an external EvoMap network. Those capabilities are coherent with a DevOps analysis tool. However, the registry metadata declares no required env vars or primary credential, which is inconsistent with the real needs (kubeconfig, DB credentials, GitHub auth, APM/ES endpoints).

Instruction Scope: concern
SKILL.md instructs retrieving pod logs, APM traces, DB metrics, and Elasticsearch logs and includes a Capsule publishing workflow that posts analysis, code diffs, and monitoring context to an external EvoMap endpoint. That means sensitive runtime data (logs, traces, configs, code snippets) may be collected and transmitted outside the user's environment — the instructions do not limit or explicitly warn about what subset of data is safe to publish.

Install Mechanism: ok
This is an instruction-only skill with two shell scripts and no install spec or external downloads. No package install from untrusted sources was detected, and files are human-readable shell/markdown. The installation mechanism itself appears low-risk.

Credentials: concern
Although the skill requests no required env vars in the manifest, the included files and examples rely on sensitive configuration and environment variables (e.g., ${HOME}/.kube/config, DB_PASSWORD/DB_HOST/DB_USER, GitHub CLI authentication). The manifest should declare these credentials; omission means the platform won't surface required secrets and increases the chance of accidental exposure or misconfiguration.

Persistence & Privilege: concern
The skill is not marked always:true (good), but SKILL.md and config.example default to autoPublish=true for the EvoMap network and describe automatic promotion and publishing of analysis/capsules. Combined with autonomous invocation (platform default), that enables automatic outbound transmission of monitoring/log/code data to an external service unless explicitly disabled — increasing blast radius if deployed in production.