Skill v0.83.3
ClawScan security
agent-bom compliance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 5:47 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The SKILL.md, metadata, and requested inputs are consistent with an offline compliance/SBOM tool that optionally performs cloud CIS checks; the main risk is that it is instruction-only and delegates execution to a third‑party package you must install.
- Guidance: This skill is coherent with its stated purpose, but it is an instruction-only wrapper that tells you to install and run the external 'agent-bom' package. Before you install: 1) review the upstream repository and PyPI/ghcr package contents and recent release history; 2) install/run in an isolated environment (VM/container) if you want to limit blast radius; 3) only supply cloud credentials when you intentionally run the optional CIS checks and prefer least-privileged/read-only credentials; and 4) verify the tool's network/telemetry behavior yourself (the SKILL.md asserts 'zero network calls' for many checks but that claim applies to the external package). If you are comfortable trusting the upstream project, the skill appears internally consistent.
Review Dimensions
- Purpose & Capability (ok): The name/description (compliance, SBOM, OWASP/NIST/CIS checks) matches the declared behavior: local analysis and optional cloud CIS checks. Optional cloud credentials (AWS/Azure/GCP/Snowflake) are appropriate for cloud account checks. The skill does not demand unrelated credentials or system access.
- Instruction Scope (note): The SKILL.md only instructs the agent to install and run the external agent-bom tool (pipx/pip/docker) and to read user-provided SBOMs and policy files. It does not ask the agent to read unrelated system files or exfiltrate data. However, because the skill is instruction-only and contains no code, the actual runtime behavior depends entirely on the external package you install; the SKILL.md's claims (e.g., 'zero network calls' for some checks) are assertions about that package, not verifiable here.
- Install Mechanism (note): No install spec is embedded in the skill bundle; the README instructs users to install from PyPI (pipx/pip) or pull a Docker image from ghcr.io. Those are standard package sources (lower risk than arbitrary URLs), but installing will download and execute third‑party code. Review the upstream package/release before installing.
- Credentials (ok): No required environment variables or credentials are declared; cloud credentials are explicitly optional and justified for optional CIS benchmark checks. This is proportional. Be aware that optional vars (e.g., SNOWFLAKE_PRIVATE_KEY_PATH) allow the tool to read local secret files; supply them only in trusted, isolated contexts.
- Persistence & Privilege (ok): The skill does not request persistent installation privileges or 'always' enablement. Metadata indicates no telemetry/persistence. Autonomous invocation is marked as restricted. There is no instruction to modify other skills or global agent settings.
