Skill v0.1.0

ClawScan security

Kansodata Grafana Authoring Operations · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 5:21 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions align with its stated purpose (read/diagnose/propose/apply Grafana changes) and are conservative about writes, but it assumes platform-provided grafana_* tooling and does not declare how Grafana credentials or tooling are supplied — verify that before installing.
Guidance
This skill appears coherent for inspecting and proposing Grafana dashboard/alert changes and sensibly restricts write actions, but you should: (1) confirm how the grafana_* tools are provided by your agent/runtime and who controls them; (2) verify where Grafana API credentials live, what scopes they have, and that only minimal read/write scopes are granted; (3) keep write/apply gates disabled until a human review workflow is in place; (4) test in read-only mode first and review any generated JSON/diffs before enabling apply operations. If you cannot confirm how credentials/tooling are provisioned, treat the skill as potentially risky and require additional review.
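The four guidance steps above (confirm who controls the grafana_* tools, verify token scopes, keep apply gated, diff before enabling writes) can be scripted before the skill is allowed to write anything. The block below is an added example, not code from the skill, ClawHub or Grafana: it runs a least-privilege check over a permission map shaped like the action-to-scopes response Grafana's RBAC API returns (the action names such as dashboards:write follow Grafana's convention but are an assumption to confirm on your version), produces a path-level diff of a proposed dashboard JSON against the live one, and refuses to apply unless a reviewer has approved a digest bound to exactly that diff. The permission maps and dashboards are constructed samples; apply_fn stands in for whatever write tool the runtime provides.

```python
"""Pre-install checks for a Grafana-writing agent skill (added example, offline)."""
import hashlib
import json
from typing import Any, Callable, Dict, List

# Actions the read/diagnose/propose phase needs.  Names follow Grafana's
# "<resource>:<verb>" RBAC convention (assumption: confirm against your
# instance's /api/access-control/user/permissions output).
READ_ACTIONS = {"dashboards:read", "folders:read", "alert.rules:read"}
WRITE_VERBS = ("write", "create", "delete")


def excess_permissions(perms: Dict[str, List[str]]) -> List[str]:
    """Actions in the token's permission map (action -> scopes) that mutate state."""
    return sorted(a for a in perms if a.split(":")[-1] in WRITE_VERBS)


def missing_read_permissions(perms: Dict[str, List[str]]) -> List[str]:
    """Read actions the inspection phase needs but the token does not hold."""
    return sorted(READ_ACTIONS - set(perms))


def flatten(obj: Any, prefix: str = "") -> Dict[str, Any]:
    """Flatten nested JSON into {json-pointer-like path: leaf} for field-level diffs."""
    if isinstance(obj, dict):
        items = obj.items()
    elif isinstance(obj, list):
        items = ((str(i), v) for i, v in enumerate(obj))
    else:
        return {prefix: obj}
    out: Dict[str, Any] = {}
    for k, v in items:
        out.update(flatten(v, f"{prefix}/{k}"))
    return out


def dashboard_diff(live: dict, proposed: dict) -> Dict[str, List[str]]:
    """Paths added, removed, or changed between the live and proposed dashboard."""
    a, b = flatten(live), flatten(proposed)
    return {
        "added": sorted(p for p in b if p not in a),
        "removed": sorted(p for p in a if p not in b),
        "changed": sorted(p for p in a if p in b and a[p] != b[p]),
    }


def diff_digest(live: dict, proposed: dict) -> str:
    """Stable hash of (live, proposed): an approval is valid for this exact change only."""
    blob = json.dumps([live, proposed], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


class ApplyRefused(Exception):
    pass


def gated_apply(live: dict, proposed: dict, perms: Dict[str, List[str]],
                approved_digest: str = None,
                apply_fn: Callable[[dict], Any] = None) -> Any:
    """Write only if the token can write, the proposal is not stale, the diff is
    non-empty, and a human approved this exact diff.  apply_fn is a stand-in for
    the platform's write tool (assumption), called with the proposed JSON."""
    if "dashboards:write" not in perms:
        raise ApplyRefused("token lacks dashboards:write; stay in read-only mode")
    if proposed.get("version") != live.get("version"):
        # Grafana rejects a save whose version lags the stored one unless
        # overwrite is set; refusing here keeps a stale proposal from clobbering.
        raise ApplyRefused("proposal built from a stale dashboard version")
    d = dashboard_diff(live, proposed)
    if not (d["added"] or d["removed"] or d["changed"]):
        raise ApplyRefused("proposed JSON is identical to live; nothing to apply")
    expected = diff_digest(live, proposed)
    if approved_digest != expected:
        raise ApplyRefused(f"no human approval recorded for diff {expected[:12]}")
    return apply_fn(proposed)


# Constructed samples: a read-only token, a read/write token, and a dashboard.
SAMPLE_PERMS_RO = {"dashboards:read": ["dashboards:*"], "folders:read": ["folders:*"],
                   "alert.rules:read": ["folders:*"]}
SAMPLE_PERMS_RW = dict(SAMPLE_PERMS_RO, **{"dashboards:write": ["dashboards:*"],
                                           "dashboards:delete": ["dashboards:*"]})
LIVE = {"uid": "svc-latency", "title": "Service latency", "version": 7,
        "panels": [{"id": 1, "type": "timeseries", "title": "p95",
                    "targets": [{"expr": "histogram_quantile(0.95, sum(rate("
                                         "http_request_duration_seconds_bucket[5m])) by (le))"}]}]}
PROPOSED = json.loads(json.dumps(LIVE))
PROPOSED["panels"][0]["title"] = "p95 latency"
PROPOSED["panels"].append({"id": 2, "type": "stat", "title": "Error rate"})

if __name__ == "__main__":
    print("write actions on RW token:", excess_permissions(SAMPLE_PERMS_RW))
    print("diff:", json.dumps(dashboard_diff(LIVE, PROPOSED), indent=2))
    print("approve with digest:", diff_digest(LIVE, PROPOSED))
```

Run it once against the read-only token to confirm excess_permissions returns nothing, inspect the diff, and only then record the digest as the reviewer's approval; any regeneration of the proposal by the agent changes the digest and invalidates the approval.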
Findings
[no_findings] expected: The package is instruction-only and contains no code files; the regex-based scanner had nothing to analyze. This is expected for a pure SKILL.md.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes read-only inspection, diagnosis, JSON generation/refactor, and gated apply flows using a set of grafana_* tools (e.g., grafana_get_dashboard, grafana_list_dashboards, grafana_export_dashboard_json). That capability set matches the name/description. However, the skill declares no required env vars, binaries, or install steps; it therefore assumes the host/agent runtime provides those grafana_* tools and any necessary credentials. Confirm how those tools and credentials are provisioned; otherwise there is an information gap.
Instruction Scope
ok: Instructions stay on-topic: they instruct the agent to read Grafana state before proposing changes, avoid inventing resources, degrade to drafts when context is lacking, and require a write tool/gate before applying. The SKILL.md does not instruct the agent to read unrelated files or environment variables, or to exfiltrate data to unknown endpoints.
Install Mechanism
ok: No install spec and no code files (instruction-only). This is the lowest-risk pattern: nothing is downloaded or written by the skill itself. Any execution risk depends on the platform-provided grafana_* tooling, not on this skill's package.
Credentials
note: The skill lists no required environment variables or credentials. Practically, Grafana operations normally require an API URL and token (or similar auth). The absence of declared credentials is acceptable if the platform supplies and controls the grafana_* tools and their secrets, but you should verify where Grafana API credentials live, what scopes they have, and that the agent isn't granted broader secrets than necessary.
Persistence & Privilege
ok: The skill's always flag is false and the skill does not request persistent or elevated platform presence. The SKILL.md explicitly gates write operations and requires tooling/gates to be enabled before applying changes, which limits autonomous destructive capability.