Skill v1.0.0
ClawScan security
dark-launch-controller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 29, 2026, 2:02 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions broadly match a dark-launch workflow, but they tell the agent to scan repository files and environment/config data (potentially containing secrets) without declaring or limiting that access. Exercise caution before running it against sensitive systems.
- Guidance: This skill appears to do what it says (inventory code changes, locate feature-flag hooks, produce flag specs and K8s snippets), but it runs broad repository and config scans that can read sensitive files. Before using it:
  1. Do not run it on a machine that contains production secrets unless you review and trust every command. Run the steps in an isolated environment (a disposable clone of the repo or a container) to avoid accidental exposure.
  2. Inspect the remainder of SKILL.md (monitoring/notification steps were truncated) to confirm it doesn't instruct the agent to send data to external endpoints or request unrelated credentials.
  3. If you plan to integrate with third-party feature-flag or monitoring services, provide minimal, scoped credentials and double-check where the skill will store or transmit them.
  4. If you need to run automated scans, prefer running the provided commands locally under your control rather than granting the skill autonomous execution.
  Additional information (the full SKILL.md, the exact monitor/publish steps) would raise or lower confidence.
Review Dimensions
- Purpose & Capability (ok): The name and description (dark launches, feature flags, gradual rollouts) align with the actions in SKILL.md: inventorying diffs, detecting flag integration points, generating flag specs and K8s artifacts, and describing monitoring and rollout gates. The high-level capabilities requested are coherent with the stated purpose.
- Instruction Scope (concern): The SKILL.md contains concrete shell commands that scan the codebase (git diff, find, rg), search configuration and environment files, and print or generate flag/config artifacts. While repository and config scanning is reasonable for planning a dark launch, these instructions give the agent broad permission to read arbitrary files in the working tree (including config/.env files that may contain secrets). The file-access scope is neither constrained nor documented, and the SKILL.md does not warn about sensitive files or recommend a safe execution environment.
- Install Mechanism (ok): This is an instruction-only skill with no install steps or code files, so nothing will be written to disk by an installer. That minimizes supply-chain risk. Note: the instructions call tools (git, rg, python3, awk, find) but the skill declares no required binaries; missing tools would just cause commands to fail rather than introducing hidden installs.
- Credentials (concern): The skill declares no required environment variables or credentials, yet the instructions explicitly scan for environment-based switches and config files (patterns like FEATURE_, ENABLE_, FF_, DARK_LAUNCH). Searching environment/config files can expose secrets (API keys, DB URLs, tokens) present in repos or .env files. The skill does not request or document any credentials for third-party feature-flag or monitoring services (LaunchDarkly, Datadog, Unleash are referenced), so it's unclear how integration steps would be authenticated. The truncated instructions might ask for API keys, which would be disproportionate if not limited to the specific service.
- Persistence & Privilege (ok): The skill is not marked 'always' and is user-invocable; it does not declare any behavior that would persist or modify other skills or global agent configuration. No privileged or permanent presence is requested in the provided material.
