v3.0.0

Ralph Security Audit

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:48 AM.

Analysis

This is a coherent security-audit skill, but it asks the agent to inspect secrets, environment/auth infrastructure, and persist reports without clearly defining scope or redaction.

GuidanceUse this only on projects and environments you are authorized to audit. Before running it, define the scope, approve any host-level commands, and require redaction of secret values in the generated .ralph-report.md files.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

1. `git rev-parse --show-toplevel`, `git remote -v`

The skill documents local command use for project discovery. This is expected for a security audit, but users should notice that the agent may inspect repository metadata and local project structure.

User impactThe agent may run local discovery commands and inspect repository configuration as part of the audit.

RecommendationRun it from the intended project directory and review any proposed commands before allowing broader system inspection.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

| 8 | Exposed ports (host/container) | ... | 10 | Cron jobs and scheduled tasks | ... | 12 | Docker environment check |

The audit includes local infrastructure inspection. This is relevant to the stated security purpose, but it reaches beyond simple source-code reading into host/container configuration.

User impactThe agent may inspect ports, containers, and scheduled tasks on the local environment.

RecommendationLimit the audit to development or approved systems, and require confirmation before running host-level or container-level inspection commands.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceMediumStatusNote

metadata

Source: unknown; Homepage: none; Registry Version: 3.0.0; SKILL.md metadata version: "2.0.0"

The skill is instruction-only, so there is no package code dependency risk shown here, but the provenance is limited and the displayed version metadata is inconsistent.

User impactIt may be harder to confirm the publisher history or compare this skill to an upstream source.

RecommendationConfirm that the owner and version are the ones you intended to install, especially before using it on sensitive repositories.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

SKILL.md

| 46-50 | Secret detection (API keys, passwords, tokens) |

The skill explicitly directs the agent to inspect credentials and tokens. That is purpose-aligned for a security audit, but the artifacts do not define which locations are in scope, whether values should be redacted, or how credential material should be handled.

User impactThe agent may read highly sensitive secrets or authentication material during the audit.

RecommendationOnly run this on projects you intend to audit, define the allowed paths and environments first, and require secret values to be redacted in all outputs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

On start: rename existing `.ralph-report.md` to `.ralph-report-{YYYY-MM-DD-HHmm}.md`. Auto-save every 10 iterations.

The skill persists audit output to local report files. Because the audit includes secrets and security findings, the report could retain sensitive information unless the agent is separately instructed to redact or protect it.

User impactSensitive vulnerabilities, environment details, or secret references may be saved in files that could later be committed, shared, or read by others.

RecommendationStore reports outside public repositories when possible, add .ralph-report*.md to .gitignore, and require redaction of tokens, passwords, keys, hostnames, and exploit details.