Skill v1.0.0

ClawScan security

Airflow Dag Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 1:45 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests and instructions are consistent with an Airflow DAG auditing tool, but some runtime ambiguities (path selection and truncated instructions) reduce confidence and merit simple precautions.
Guidance
This skill appears to do what it claims: read and analyze Airflow DAG Python files. Before installing or invoking it, (1) only point the skill at the exact DAG directory you want audited (avoid giving it / or broad repo roots), (2) confirm whether the agent will only parse files versus executing/importing them — avoid letting it import or run untrusted DAG code, and (3) if the SKILL.md is truncated, ask the publisher for the full runtime instructions or a privacy/security statement. If you plan to run this on production DAGs, prefer running the analysis in an isolated environment or on a copy of the DAGs so accidental code execution or data exposure is limited.

Review Dimensions

Purpose & Capability
ok · Name/description match the contents of SKILL.md: it reads and audits Airflow DAG Python files (schedules, default_args, task dependencies, sensors, etc.). There are no extraneous environment variables, binaries, or installs requested that would contradict its stated purpose.
Instruction Scope
note · Instructions explicitly tell the agent to find and read DAG .py files (find/grep examples) and to parse imports/custom operators. This is appropriate for the stated purpose. However, the SKILL.md is truncated and does not show whether the agent is ever instructed to execute DAG code or to send findings to external endpoints. Also, the find/grep approach will read any path supplied — the skill does not include an explicit safeguard to limit scanning to a user-approved DAG directory, so a careless invocation could cause broad file reads if a user supplies an overly permissive path.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files — lowest install risk. The skill does not pull external binaries or archives.
Credentials
ok · No environment variables, credentials, or config paths are requested. This aligns with the skill's stated purpose and is proportionate.
Persistence & Privilege
ok · The skill's always flag is false; the skill does not request persistent/system-wide privileges or modification of other skills. Autonomous invocation is allowed by default for skills but is not combined here with other red flags.