Database Security Audit
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears to be a coherent database-audit reporting API, but users should be aware that submitted security-posture details may be sent to and retained by an external service.
This looks like a normal instruction-only API skill for database security audit reporting. Before installing or using it, verify the provider, check retention/privacy expectations, and avoid submitting secrets or highly detailed internal security findings unless your organization approves sharing them with the external API.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may disclose details about database access controls, encryption, network protections, auditing, and backups to the API provider.
The API is intended to receive detailed database security-posture information, which can be sensitive if shared outside the organization.
processes security audit data across multiple control domains—including access control, encryption, network security, auditing, and backup
Only submit audit data that your organization is comfortable sharing with this external service, and avoid including secrets, credentials, hostnames, or exploitable vulnerability details unless approved.
Audit submissions may be retained over time with session identifiers and timestamps.
The artifact discloses persistence of audit-related records, which is purpose-aligned for compliance reporting but relevant for retention and privacy review.
The service maintains audit trails with session tracking and timestamps
Confirm retention, deletion, and access policies before submitting sensitive internal security information.
Users have less registry-level information for independently validating who operates the API and how it is maintained.
The package has no executable install content, but the registry metadata does not provide a clear source repository or homepage for provenance verification.
Source: unknown; Homepage: none
Verify the provider and API endpoint through trusted channels before sending organization-specific audit data.