Cloud Service Mapper & Decision Advisor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a coherent cloud recommendation API skill, with the main cautions being limited provider provenance and potential sharing of workload details with the API.
This skill does not install code or request credentials, and its behavior matches its stated cloud-advisory purpose. Before using it, confirm who operates the API and avoid submitting secrets, exact internal architecture, compliance-sensitive details, or confidential migration plans unless you trust the provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If users include detailed infrastructure, compliance, or migration plans, those details may be shared with the API provider.
The skill is designed to send workload and organizational context to an API. This is purpose-aligned, but cloud architecture, industry, priorities, and migration context can be sensitive business information.
The API considers team size, industry context, current cloud environment, and business priorities to deliver tailored recommendations.
Use sanitized, high-level workload descriptions unless you have confirmed the provider, endpoint, retention policy, and privacy terms.
Users may not have enough information from the artifacts alone to validate the API operator before sharing workload details.
There is no local code or install step, but the provider provenance is limited, making it harder for a user to independently verify who operates the API.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the publisher and service endpoint before using the skill for sensitive infrastructure or business planning.