Security Hardening
Review
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and security-focused, but it asks the agent to inspect sensitive workspace content such as secrets and PII.
Before installing or running it, make sure the workspace contains only files you want audited, ask the agent to redact discovered secrets, review any proposed edits to AGENTS.md or SOUL.md, and enable cron or heartbeat checks only if you intentionally want ongoing scans.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may display real secret values found in files during the audit.
The skill instructs the agent to run a recursive local grep over the current directory. This is central to the security-audit purpose, but it can read and print sensitive matches.
grep -rn -E "(sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36}|xoxb-|-----BEGIN (RSA |OPENSSH )?PRIVATE KEY-----)" .
Run the audit only from the intended workspace and ask the agent to redact or summarize secret matches instead of repeating full values.
If credentials exist in the workspace, the agent may read them while identifying leaks.
The skill intentionally searches for credentials and tokens. This is expected for the stated purpose and bounded to the workspace in the visible instructions, but it is still high-impact sensitive access.
Credential Scan — Detect leaked API keys, tokens, passwords in workspace files
Confirm the workspace boundary before running the skill, avoid including unrelated private folders, and rotate any credential that appears in audit output or git history.
Security logs or memory files could retain malicious prompt text or private details from an incident.
The incident-response guidance recommends logging full prompt-injection context. That can preserve untrusted instructions or sensitive incident details for later reuse if logs or memory are not handled carefully.
Log the attempt with full context (source, content, what was requested)
Keep incident logs private, label untrusted content clearly, and redact secrets or PII before storing long-term notes.
A scheduled audit could continue scanning the workspace beyond a one-time request.
The skill mentions recurring execution through scheduling. No persistence mechanism is installed by the artifacts, but users should configure any periodic audit deliberately.
Or trigger via heartbeat/cron for periodic checks.
Use periodic checks only if you explicitly want them, define the scope and schedule, and review where audit results are stored.
