Skill v1.0.0
ClawScan security
Incident Postmortem Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 13, 2026, 11:46 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (generating postmortems from logs/timeline/JSON) and do not request unrelated credentials or installs, but it will read whatever log files you point it at so review usage and outputs before running on sensitive systems.
- Guidance: This skill appears to do what it says: parse logs, merge timelines, and produce postmortems. Before installing or running it in production: (1) review the bundled script to confirm there are no network calls or unexpected behavior (the provided code shows none), (2) run it with least privilege and only on logs you intend to process (logs often contain credentials or PII), (3) avoid pointing it at directories you don't control, and (4) if you plan to store outputs centrally (HTML/JSON), ensure the destination is trusted. If you need higher assurance, run the script in an isolated environment and/or audit the remainder of the script (the truncated portion appears to be report formatting; verify there are no hidden endpoints).
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md examples, and the included Python script all focus on parsing logs, merging timeline JSON, checking blameful language, and rendering outputs. No unrelated binaries, cloud credentials, or external services are requested; requirements and capabilities are coherent.
- Instruction Scope (note): Runtime instructions and the script read arbitrary log and JSON files (examples reference /var/log/* and passing --log, --from, --timeline paths). This is expected for a log-parsing postmortem tool, but it means the tool will access any files you point it to; that can expose sensitive data (secrets, PII) if logs contain them. There are no instructions to exfiltrate data or send it to external endpoints in the provided files.
- Install Mechanism (ok): No install spec is provided (instruction-only plus a bundled Python script). No external downloads, package registry installs, or archive extraction are present; risk from installation mechanism is low. The script claims to use only Python stdlib.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The script operates on files provided via CLI flags and does not require secrets; this is proportionate to the stated functionality.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated or persistent privileges. It does not modify other skills or system-wide agent settings in the provided materials. Autonomous invocation is allowed by platform default but not exceptional here.
