Redis Cluster Analyzer
PassAudited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill Name: redis-cluster-analyzer Version: 1.0.0 The Redis Cluster Analyzer is a diagnostic tool designed to audit Redis configurations for performance, high availability, and security. It uses standard system commands like find, grep, and redis-cli to gather information about Redis setups and application connection logic. The instructions in SKILL.md are well-structured and focused on providing a comprehensive health report, including security recommendations. No indicators of data exfiltration, malicious execution, or persistence were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect Redis configuration files, application code, and live Redis metadata if you invoke it for an audit.
The skill instructs the agent to use local shell discovery and Redis CLI inspection. These are purpose-aligned and appear read-only, but they still interact with local files and a live Redis environment.
find /etc/redis/ -name "*.conf" -type f ... grep -rl "Redis\|redis\|ioredis\|redis-py\|RedisCluster" /path/to/app/ ... redis-cli INFO server 2>/dev/null
Use it only on intended Redis/project paths, confirm the target Redis instance, and avoid granting broader shell access than needed.
Redis passwords or connection details could be included in the agent's working context or report if present in the reviewed files.
Redis configuration and application connection code can include passwords, connection strings, hostnames, and other sensitive access details. This is expected for a Redis audit, but users should notice the credential exposure risk.
The agent parses each configuration to extract: ... **Server configuration** (bind, port, requirepass, maxclients) ... **Connection pool config** (from application code)
Provide only the files needed for the audit and ask the agent to redact secret values in its output.
You have less external provenance to rely on when deciding whether to trust the instructions.
The skill has limited provenance information. This is a low-severity note here because the artifacts show an instruction-only skill with no install script or code files.
Source: unknown Homepage: none
Prefer skills with clear source provenance for higher-assurance environments, or review the instructions carefully before use.