Tech Security Audit
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims—run Nmap-based security scans—but users should only scan systems they are authorized to test and should use a trusted Nmap installation.
Install and use this skill only if you need Nmap-based scanning. Make sure Nmap is installed from a trusted source, verify what target or network range will be scanned, and only scan systems where you have explicit authorization.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Scanning networks you do not own or have permission to test can cause legal, policy, or operational issues.
The skill invokes Nmap with a user-provided target and vulnerability scripts. This matches the stated purpose, but it can scan arbitrary hosts or ranges if the user provides them.
cmd = ["nmap", "-sV", "--script", "vuln", target, "-oX", "-"]
Use the skill only with explicitly authorized targets, review network ranges before scanning, and avoid broad scans unless you understand the impact.
The skill will depend on whichever Nmap binary is installed locally and found in PATH.
The package metadata does not declare the Nmap dependency even though the skill documentation and code rely on a local `nmap` executable in PATH.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Install Nmap from a trusted source, verify `nmap --version`, and prefer a future package version that declares Nmap as a required binary.
