Emergency Rescue Kit
Security checks across malware telemetry and agentic risk
Overview
This instruction-only disaster-recovery skill is coherent and transparent, but it includes powerful commands that can change repositories, cloud credentials, and databases if used in the wrong context.
Install only if you want a runbook for emergency developer recovery. Treat every command as a template, not something to run blindly: verify the target repo/account/database, make backups where possible, coordinate with teammates, and require explicit approval before destructive or production-impacting steps.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrong command, branch, or commit hash could overwrite shared history or lose local changes.
The skill documents high-impact git commands that can rewrite a shared branch or discard local work. These are purpose-aligned for emergency recovery and are presented as manual runbook steps, not hidden automation.
git push origin <good-commit-hash>:main --force-with-lease
...
git reset --hard <commit-hash-before-disaster>
Before running any fix command, confirm the repository, branch, commit hash, backup state, and whether teammates need to coordinate.
If used against the wrong account, key, user, or database, these steps could lock out services or people.
Credential leak recovery instructions include cloud key revocation and database password rotation. This is expected for the stated purpose, but it relies on privileged account access.
aws iam delete-access-key --access-key-id AKIAXXXXXXXXXXXXXXXX --user-name <user>
...
ALTER USER myuser WITH PASSWORD 'new-secure-password';
Verify the exact leaked credential, owning account, service dependencies, and replacement/rollback plan before revoking keys or changing passwords.
Some recipes may fail or may use whatever provider CLI authentication is already active on the machine.
The metadata declares only git/bash and no credentials, while the visible runbook includes optional provider-specific commands such as gh and aws. This appears to be under-declared optional tooling rather than hidden installation behavior.
Required binaries (at least one): git, bash
Required env vars: none
Primary credential: none
Check which CLI tools and account profiles are active before following provider-specific recovery steps.
