v1.0.0

Spring Boot Actuator Analyzer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 1:48 PM.

Analysis

This instruction-only skill is a coherent, read-only Spring Boot Actuator audit guide; it may inspect local project configuration but shows no mutation, credential, install, or persistence behavior.

GuidanceThis skill appears safe and purpose-aligned for reviewing a Spring Boot project. Be aware that application configuration files can contain sensitive values, so use it in the correct repository and avoid sharing raw findings if they include secrets.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityInfoConfidenceHighStatusNote

SKILL.md

find . -name "application*.yml" -o -name "application*.yaml" -o -name "application*.properties" | head -10

The skill suggests local shell commands to discover and inspect Spring Boot configuration files. This is read-only and directly aligned with the audit purpose, but users should be aware it may access configuration files in the current project.

User impactThe agent may read project configuration and source snippets, which can sometimes contain secrets or operational details, but the artifact does not instruct it to change files or send data elsewhere.

RecommendationRun the skill only in the intended project directory and review any output before sharing it outside your organization.