Skill v1.0.0

ClawScan security

Argocd Deployment Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 1:46 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match an ArgoCD analysis purpose, but the SKILL.md expects command-line tools, cluster/git access, and use of credentials (e.g., $ARGOCD_TOKEN, kubeconfig, local repo paths) while the declared metadata lists no required binaries or environment variables — an incoherence that could lead to accidental over-privileged use.
Guidance
This skill appears to do what it says (analyzing ArgoCD apps) but the SKILL.md expects tools and credentials that the skill metadata does not declare. Before installing or running it: (1) verify where you'll run it — use a trusted machine or sandbox with only read-only, least-privilege access to the cluster and ArgoCD API; (2) prefer short-lived or read-only ARGOCD_TOKEN and a kubeconfig limited to the namespaces needed; (3) avoid supplying broad Git credentials — if a local repo path is required, point it at a checked-out repo copy with no secrets; (4) confirm you have jq/argocd/kubectl available or understand you'll need them; (5) disallow autonomous invocation if you don't want the agent to run these cluster commands without explicit human confirmation. The primary issue is an undeclared credential/binary requirement — treat any credential you provide with caution.

Review Dimensions

Purpose & Capability
note: The name/description (ArgoCD analyzer) aligns with the runtime steps (argocd, kubectl, diffs, manifest review). However, the skill metadata declares no required binaries or credentials even though the instructions explicitly rely on argocd CLI, kubectl, jq, access to ArgoCD API (Bearer token example), and access to local Git repo paths. The missing declaration is an inconsistency.
Instruction Scope
concern: SKILL.md tells the agent to run cluster-level commands (kubectl get events, get pods, list Applications), call the ArgoCD API (curl with $ARGOCD_TOKEN), and diff live vs repo state (argocd app diff --local-repo-root /path/to/repo). These are appropriate for the stated purpose but require the agent to read sensitive cluster state, credentials, and local repository files. The document references environment variables and filesystem paths that are not declared in the skill metadata, and gives the agent broad discretion to inspect many resources.
Install Mechanism
ok: Instruction-only skill with no install spec or code files — lowest installer risk. Nothing is downloaded or written by the skill bundle itself.
Credentials
concern: The SKILL.md examples use $ARGOCD_TOKEN and expect kubeconfig/argocd CLI login and access to local repo roots, yet requires.env and primary credential fields are empty. The skill therefore fails to declare the sensitive credentials it expects (ArgoCD token, cluster credentials, possibly Git credentials). That mismatch makes it easy for users to accidentally supply overly broad or long-lived credentials or to run the skill in an environment lacking least-privilege access.
Persistence & Privilege
ok: always is false and the skill is instruction-only; it doesn't request permanent platform presence or claim to modify other skills or global settings. Autonomous agent invocation is allowed (platform default) but not, by itself, a new risk here.