Skillv1.0.0

ClawScan security

Infrastructure Drift Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 28, 2026, 11:45 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The instructions match an infrastructure-drift tool, but the skill's metadata omits the CLIs, credentials, and config access it actually expects — this inconsistency warrants caution before installing or running it.
Guidance: This skill's instructions will run cloud CLIs and read IaC state and repo files, but the registry metadata does not declare those dependencies or the need for cloud credentials. Before installing or using it: 1) Verify where the skill will run (your local machine, CI runner, or ephemeral environment). 2) Ensure CLIs (terraform, pulumi, aws, python3) are installed and you understand that the skill will use whatever credentials/config are available in that environment. 3) Do not run it in a production environment with broad credentials — use a read-only or least-privilege account first. 4) Review and test the exact commands on a safe copy of your repo/state (dry-run) before accepting remediation steps like terraform import or apply. 5) Ask the publisher to update metadata to declare required binaries and environment variables, and to add explicit confirmation steps before any state-changing commands. If you cannot validate those points, treat the skill as untrusted and run its commands manually in a controlled environment instead of allowing automatic invocation.

Review Dimensions

Purpose & Capability: concernThe SKILL.md clearly targets Terraform, Pulumi, CloudFormation/CDK and cloud provider state (e.g., AWS CloudTrail). That purpose legitimately needs cloud CLIs (aws, terraform, pulumi), local IaC state files, and cloud credentials. The skill metadata lists no required binaries, env vars, or primary credential — which is inconsistent with the stated purpose.
Instruction Scope: concernRuntime instructions tell the agent to read repository files (.tf, Pulumi.yaml, template.json, terraform.tfstate), run terraform/pulumi/aws CLI commands, parse outputs, and generate remediation commands. Those actions are within the declared purpose, but they imply access to cloud accounts and local state files that are not declared in metadata. The instructions do not constrain where they should run (e.g., CI vs local machine) or require explicit user confirmation before making changes (the docs recommend 'terraform apply' in places).
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files. That minimizes disk-write risk — nothing is downloaded or executed by an installer as part of skill setup. The security surface is the runtime commands described in SKILL.md.
Credentials: concernSKILL.md implicitly requires: terraform, pulumi, aws CLIs, python3, standard Unix tools (grep, sed, date). It also requires valid cloud credentials/config (AWS credentials or SDK-configured access) to perform CloudFormation drift detection, CloudTrail queries, and to inspect live resources. None of those are declared in requires.env or required binaries. The skill asks for actions that use potentially sensitive credentials without declaring them or warning the user.
Persistence & Privilege: okThe skill does not request always:true and is user-invocable (normal). It does not declare modifications to other skills or system-wide settings. Autonomous invocation is allowed by default but not by itself suspicious; still, an autonomously-invoked skill that can call cloud CLIs increases blast radius if credentials are available — keep that in mind.