ClawHub

Splunk Log Analyzer Dashboard

PassAudited by ClawScan on May 1, 2026.

Overview

The skill appears to be a local Streamlit dashboard for analyzing user-selected log files, with no artifact evidence of exfiltration, credential use, persistence, or destructive behavior.

This looks appropriate for a local log-analysis dashboard. Before installing, be aware that it runs a local Streamlit server, depends on public Python packages, and can display sensitive contents from whichever log directory you select.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

Installing the skill may require pulling Python packages from the public package ecosystem, which can change over time if versions are not pinned.

Why it was flagged

The skill declares third-party Python packages installed from pip without version pins. These packages are expected for a Streamlit dashboard, but users should notice the dependency/provenance surface.

Skill content
"kind": "pip", "package": "streamlit" ... "package": "pandas" ... "package": "plotly"
Recommendation

Install in a trusted Python environment and prefer pinned, reviewed package versions if packaging this for production use.

Info
#ASI05: Unexpected Code Execution
What this means

Using the skill starts a local web application process on port 8506 until it is stopped.

Why it was flagged

The launch script runs the included Python dashboard through Streamlit. This is the core function of the skill and is disclosed, but it still means local code is executed.

Skill content
streamlit run log-analyzer.py --server.port 8506
Recommendation

Run it only when needed, keep it local, and stop the Streamlit process when finished.

Low
#ASI06: Memory and Context Poisoning
What this means

Anyone viewing the local dashboard may see sensitive log entries such as IP addresses, authentication errors, or application failure details.

Why it was flagged

The app reads local log contents and keeps recent raw error lines for display and analysis. This is expected for a log analyzer, but logs can contain sensitive details.

Skill content
with open(log_file, 'r', encoding='utf-8', errors='ignore') as f: ... "raw": parsed["raw"] ... "recent_errors": errors[-100:]
Recommendation

Point the app only at log directories you intend to review, avoid sharing the local dashboard, and redact sensitive logs before analysis if needed.