v1.0.0

Network Security Audit

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:39 AM.

Analysis

The skill appears to be a purpose-aligned network audit report generator, but users should be mindful that it processes sensitive security posture details through an API from an unclear source.

GuidanceThis skill looks coherent for generating network security audit reports and does not include executable code, install scripts, credential requirements, or destructive actions. Before using it with real organizational data, verify who operates the service and avoid submitting passwords, tokens, unnecessary internal host details, or other secrets unless you are comfortable with that data being processed by the audit platform.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The registry metadata does not identify a source repository or homepage, which limits provenance review even though no executable code or install script is present.

User impactUsers have less context for who operates or maintains the audit service and where sensitive audit data may ultimately be handled.

RecommendationPrefer using this skill only after verifying the provider, endpoint, and data-retention/privacy terms through trusted channels.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

openapi.json

"/api/security/audit": { "post": { "description": "Generate comprehensive network security audit report", "requestBody": { ... "$ref": "#/components/schemas/AuditRequest" } } }

The skill is designed to send audit assessment data to an API endpoint. This is expected for the stated purpose, but the data can describe internal security posture.

User impactNetwork architecture, vulnerability, access-control, encryption, backup, and vendor-security notes may reveal sensitive information if shared with an untrusted or external service.

RecommendationOnly submit information intended for this audit workflow, avoid including passwords or unnecessary secrets, and confirm the service endpoint and data-handling expectations before using it with real organizational data.

Memory and Context Poisoning

SeverityInfoConfidenceMediumStatusNote

SKILL.md

The platform supports multi-user workflows with session tracking and user attribution for audit accountability.

The skill describes session tracking and user attribution. This is reasonable for audit accountability, but it implies audit metadata may be associated with users or sessions.

User impactAudit records could become linked to a specific user or session, which may matter for privacy, compliance, or internal governance.

RecommendationUse appropriate session IDs and user identifiers, and avoid entering personal or sensitive identifiers unless they are required for the audit process.