Skill v1.0.0

ClawScan security

Aws Cdk Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 30, 2026, 12:48 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions broadly match an AWS CDK analysis purpose, but there are a few mismatches and operational risks (notably executing user project code via npx cdk synth and undeclared runtime/tool requirements) that you should understand before using it.
Guidance
This skill appears to do what it says, but take these precautions before running it: (1) ensure the agent/container has the needed developer tools (python3, grep, find, npm/npx and the CDK toolchain) because the skill assumes them even though the metadata lists none; (2) run the analysis in an isolated environment or CI workspace — `npx cdk synth` executes your app code and may run arbitrary scripts or access local secrets; (3) review your repo for any build hooks or code that could have side effects before synthesizing; (4) don't expose cloud credentials to the skill unless you explicitly need to run live checks — the SKILL.md does not require them; and (5) if you need lower-risk analysis, consider running static-only checks (grep/find) and reviewing synthesized templates manually in a safe environment.

Review Dimensions

Purpose & Capability
note
The skill's name and description align with its runtime instructions (it inspects CDK source and synthesized CloudFormation). However, the registry metadata declares no required binaries while the SKILL.md assumes standard dev tools (python3, grep, find, npx/cdk). That is an inconsistency: those tools are reasonably needed for the stated purpose but should be declared.
Instruction Scope
concern
Instructions run repository commands (grep/find, a short python3 snippet) and explicitly call `npx cdk synth` / `npx cdk diff`. Running `cdk synth` executes the CDK app code in the project, which may run arbitrary code, perform network calls, or access secrets in the repo. The skill does not instruct exfiltration, but the act of synthesizing can surface secrets in templates and can have side effects if the project has build hooks. This is expected for CDK analysis but is a noteworthy risk that the skill should call out and that users must mitigate (run in an isolated environment, review code first).
Install Mechanism
ok
Instruction-only skill with no install spec. This minimizes supply-chain risk (nothing downloaded or written by the skill itself).
Credentials
ok
The skill declares no credentials or environment variables and its instructions do not require cloud credentials. That is appropriate for a static + synth analysis. It does not request unrelated credentials or secret-access environment variables.
Persistence & Privilege
ok
`always` is false and the skill has no install step or persistent configuration. It does not request elevated or persistent privileges.