v1.0.1

Vulnerability Prioritizer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 12:04 AM.

Analysis

This instruction-only skill is coherent for vulnerability prioritization, with purpose-aligned use of local scan commands and public vulnerability intelligence feeds.

GuidanceThis skill appears safe and proportionate for its purpose. Before using it, review any shell commands you run, avoid sharing full internal vulnerability inventories externally unless approved, and verify inferred asset criticality or urgent patch recommendations before making operational changes.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

trivy image --format json $IMAGE 2>/dev/null ... grype $IMAGE -o json 2>/dev/null ... npm audit --json 2>/dev/null ... pip-audit --format json 2>/dev/null

The skill documents use of local scanner and package-audit tools, including a user-supplied image argument. These commands are purpose-aligned and read-oriented, but they can inspect local project or container dependency data.

User impactRunning the documented commands may expose local dependency and vulnerability information to the agent session.

RecommendationRun commands only in the intended project or image context and review scanner outputs before sharing them more broadly.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

SKILL.md

curl -s "https://api.first.org/data/v1/epss?cve=CVE-2024-1234,CVE-2024-5678" ... curl -s "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

The skill relies on live public vulnerability intelligence feeds from FIRST EPSS and CISA KEV. This is expected for the stated purpose, but the accuracy and availability of those external data sources directly affect prioritization output.

User impactIf an external feed is unavailable, stale, or incorrect, the generated risk ranking may be wrong.

RecommendationTreat external-feed results as decision support and cross-check critical patch decisions with trusted security sources.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

curl -s "https://api.first.org/data/v1/epss?cve=..." | python3 -c "
import json, sys
data = json.load(sys.stdin)

The instructions include shell pipelines and inline Python snippets to parse JSON. This is central to the workflow and does not show downloaded code execution, but it is still local command execution.

User impactThe user may run local commands that process vulnerability data in their environment.

RecommendationReview commands before execution, especially when adapting examples to real project paths or image names.

Cascading Failures

SeverityInfoConfidenceHighStatusNote

SKILL.md

Risk Score = CVSS_normalized × EPSS_weight × asset_multiplier × exploit_maturity

The workflow turns scanner data and asset assumptions into ranked remediation output. This is the purpose of the skill, but wrong inputs or assumptions can propagate into patch priority and SLA recommendations.

User impactA mistaken asset criticality or reachability assumption could shift remediation effort toward the wrong vulnerabilities.

RecommendationValidate high-impact rankings against real asset exposure, ownership, and compensating controls before acting.

Human-Agent Trust Exploitation

SeverityInfoConfidenceHighStatusNote

SKILL.md

Ask about or infer the asset context ... 🚨 Critical Priority (patch within 24h)

The skill may infer asset context and uses urgent remediation language. This is normal for vulnerability triage, but users should verify inferred assumptions before trusting urgent patch timelines.

User impactUsers could over-trust an inferred risk score or urgent recommendation without checking the underlying context.

RecommendationConfirm the asset context, exploitability, and business impact before committing to emergency remediation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceMediumStatusNote

SKILL.md

Compare current scan results against a previous baseline: - New vulnerabilities since last scan ... Track SLA compliance and flag overdue items.

The compare and SLA workflows depend on historical vulnerability context. That is purpose-aligned, but stale, incorrect, or overly trusted baseline data could affect future prioritization, and stored scan history may be sensitive.

User impactIncorrect or outdated baseline data could make the remediation plan miss new risks or overstate old ones.

RecommendationUse trusted baseline files, label their date and source, and avoid storing sensitive scan history where it can be modified by untrusted parties.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

curl -s "https://api.first.org/data/v1/epss?cve=CVE-2024-1234,CVE-2024-5678"

The EPSS lookup sends CVE identifiers to an external provider. This is expected for enrichment, but a CVE list can reveal part of an organization's vulnerability inventory.

User impactQueried CVE IDs may disclose what vulnerabilities are being investigated.

RecommendationAvoid sending sensitive, proprietary, or full internal vulnerability inventories to external services unless that sharing is acceptable for your organization.