Skillv1.0.0

ClawScan security

Vendor Performance Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 3, 2026, 10:22 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is a coherent vendor-audit checklist, but its runtime instructions expect access to internal ticketing/log systems and evidence sources without declaring how credentials or data access will be provided — the scope is vague and could lead to broad data access if the agent is allowed to fetch records automatically.
Guidance: This skill is essentially a human-facing audit template with clear scoring rules — useful — but it expects the agent to "pull ticket data, delivery logs, or incident records" without specifying how to connect to those systems. Before installing or enabling the skill: - Confirm which ticketing/log systems (JIRA, ServiceNow, Zendesk, PagerDuty, S3/cloud logs, internal DB) the agent will access and how credentials will be provided. - Prefer read-only, scoped credentials and explicit allowlists (only vendor X records for date range Y). - Ask the publisher for details on what data the agent will read/store and where any generated reports are persisted or transmitted. - Test on a non-production or sample vendor dataset first. - Ensure audit logging is enabled (who/when the agent accessed records). If the publisher cannot explain how data access will be scoped, treat the skill as higher risk — do not grant wide access to internal ticketing or logs.

Review Dimensions

Purpose & Capability: noteThe name, description, and scoring framework align with a vendor-performance audit. However, the SKILL.md repeatedly requires the agent to "pull ticket data, delivery logs, or incident records" and to review incident logs — capabilities that normally require credentials or integrations (JIRA, ServiceNow, Zendesk, cloud logging, ticket DBs). The skill does not declare any required credentials or integrations, so there is a mild mismatch between expected data access and declared requirements.
Instruction Scope: concernInstructions are operational and actionable (scorecard, weighted calculation, incident severity modifiers, improvement-plan template). They explicitly direct the agent to obtain evidence from ticket systems and logs and to review incident histories. Those directives are useful for the audit purpose but are vague about which systems/sources to use and grant the agent broad discretion to access any available records — this is scope creep that could result in the agent reading sensitive internal files or services if permitted.
Install Mechanism: okNo install spec and no code files; the skill is instruction-only. This minimizes filesystem/remote-code risk — nothing is downloaded or executed by the skill package itself.
Credentials: concernThe skill declares no required environment variables or credentials, yet its runtime instructions require access to potentially sensitive systems (ticketing/incident logs, delivery logs). The absence of declared credentials or integration requirements is disproportionate to the data the skill asks for and leaves unclear how the agent should be given access (and whether that access will be scoped/read-only).
Persistence & Privilege: okThe skill is not set to always: true, and model invocation is not disabled (normal). It does not request persistence or system-level configuration changes. There is no explicit privilege escalation or modification of other skills' configs.