Back to skill
Skillv1.0.0
ClawScan security
Autoscaling Policy Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 29, 2026, 11:36 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's purpose (designing autoscaling policies) matches the actions in SKILL.md, but the runtime instructions reference cloud API endpoints, environment variables, and CLI tools (Prometheus, AWS, curl, aws CLI, python3) without declaring required credentials or binaries — an incoherence that requires caution before installing or running the skill.
- Guidance
- This skill appears to do what it says (analyzing Prometheus/CloudWatch data and recommending autoscaling policies), but its instructions assume access to external telemetry and tools without declaring them. Before installing or enabling it: - Confirm what endpoints and credentials it will use (PROMETHEUS_URL, ASG_NAME, AWS credentials) and only grant least-privilege, read-only access (e.g., CloudWatch read permissions, Prometheus read). - Ensure the agent runtime has only the CLI tools you expect (curl, aws, python3) and that those calls are limited to trusted monitoring endpoints. - Test the skill in a staging environment first to verify it cannot access unintended systems. - If you need a stronger guarantee, ask the skill author to: 1) declare required environment variables and binaries in metadata, and 2) document required IAM permissions and network endpoints so you can review them before granting access.
Review Dimensions
- Purpose & Capability
- noteThe skill's name and description (autoscaling policy design for Kubernetes/ASGs) align with the commands and examples in SKILL.md: Prometheus queries, CloudWatch/ASG queries, traffic classification, HPA/KEDA guidance, and cost modeling are expected capabilities for this purpose.
- Instruction Scope
- concernSKILL.md instructs the agent to run network calls and CLI commands that access external systems (Prometheus, AWS CloudWatch) and to parse/act on those results. It references environment variables like PROMETHEUS_URL and ASG_NAME and uses curl, aws, and python3 inline scripts. Those instructions give the agent permission to fetch potentially sensitive telemetry data and require external credentials — but the skill does not declare or constrain those accesses. The instructions are not dangerously broad in themselves, but they assume access to systems and secrets that are not surfaced to the user.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files. That is lower risk because nothing is written to disk by an installer. However, runtime commands in SKILL.md assume the presence of several CLI tools (curl, aws, python3) that are not declared as required binaries.
- Credentials
- concernThe SKILL.md references PROMETHEUS_URL, ASG_NAME and invokes aws cloudwatch (which requires AWS credentials) but the skill metadata declares no required environment variables and no primary credential. Requiring access to Prometheus endpoints and AWS CloudWatch is reasonable for an autoscaling tool, but failing to declare them is an incoherence: the skill will need external credentials and network access that are not listed, so installing it without understanding what will be accessed is risky.
- Persistence & Privilege
- okThe skill is not marked always:true and has no install scripts or code that persists or modifies other skills or system settings. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal for skills, but it does broaden the blast radius when combined with the environment/credential gaps noted above.