Back to skill
Skillv1.0.0
ClawScan security
Incident Response Runbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 27, 2026, 1:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and instructions match its stated purpose (creating and running incident runbooks); it does not request credentials or install software, but the runbook recommends running cloud/cluster commands so use caution when the agent executes actions in production environments.
- Guidance
- This skill appears coherent and benign: it provides templates and a small script to generate runbooks. Before running any agent-generated diagnostic or mitigation commands, verify the target environment and use least-privilege credentials (kubectl/AWS tokens should be restricted). Pay special attention to rollback or mitigation steps that could modify production (deploy rollbacks, DNS changes, feature-flag toggles) and require human approval for destructive actions. Also note the skill's source is unknown—consider vetting it or running the script in a sandbox first.
Review Dimensions
- Purpose & Capability
- okName/description align with contents: SKILL.md and a small helper script generate runbook markdown and provide triage templates and diagnostic commands. Nothing requested or installed is inconsistent with an incident-response runbook.
- Instruction Scope
- noteInstructions are scoped to incident lifecycle (generate, triage, post-incident). They include examples of diagnostic commands (curl, aws logs, kubectl, docker) and rollback/mitigation steps; these are expected for incident response but may require cloud/cluster credentials and can be destructive if executed without care.
- Install Mechanism
- okNo install spec; this is instruction-first with one benign helper script. Nothing is downloaded or written to disk by an install step.
- Credentials
- okThe skill does not declare or require any environment variables, credentials, or config paths. References to monitoring tools and cloud CLIs in the runbook are expected usage patterns and do not imply unnecessary credential requests by the skill itself.
- Persistence & Privilege
- okalways is false (no forced inclusion). disable-model-invocation is false (normal — agent may invoke the skill); the skill does not request elevated persistent privileges or modify other skills' configurations.