Cloud Risk Summary
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent, instruction-only wrapper for a cloud-risk-summary API, with the main consideration being that cloud exposure details may be sent to an external service.
This appears safe to install as an instruction-only API skill. Before using it, confirm you trust the referenced external service and avoid sending secrets, credentials, customer data, or overly detailed internal architecture information unless your organization approves that data sharing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Cloud vulnerability descriptions, affected services, environments, and business-impact details could leave the user's environment when the API is used.
The skill asks for cloud security exposure details and references an external API route, so user-provided cloud risk information may be transmitted to a third-party service.
"exposures" ... "issue" ... "impact" ... "References" ... "Kong Route: https://api.mkkpro.com/compliance/cloud-risk-summary"
Submit only the information needed for the summary, avoid secrets or raw sensitive records, and confirm the external service is approved for your organization.
Users have less registry-level provenance information for verifying who operates the remote service.
The registry metadata does not identify a source repository or homepage, even though the skill points users to an external API service.
Source: unknown; Homepage: none
Verify the referenced ToolWeb/API provider and its data-handling terms before using the skill with sensitive cloud security information.