Skillv1.0.0

ClawScan security

ad-security-reviewer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 10:07 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is an instruction-only AD security advisor (no code or installs) but is vague about how it obtains domain data and has no provenance; it could be safe as a consultancy-style helper but requires caution before using it to generate or execute remediation scripts.
Guidance: This skill is an advisory AD security reviewer with no code or installs — that makes it low-risk by itself, but there are practical and provenance concerns to consider before using it in production. Actions to take before installing or running it: - Verify provenance: the source/homepage is unknown. Prefer skills from known authors or request the SKILL.md origin before trusting it. - Expect it to be advisory only: the skill declares no domain credentials or scanners. If you want automated discovery or remediation, plan how you'll securely provide read-only AD data or use a dedicated remediation agent. - Review generated scripts before executing: the skill promises PowerShell/GPO scripts. Always peer-review and test any generated script in a lab/staging environment before running against production AD. - Limit downstream privileges: if you combine this with agents that perform remediation (powershell-security-hardening, windows-infra-admin, etc.), require explicit human approval and restrict credentials those agents can use (use just-in-time or least-privilege accounts). - Ask for a sample output: request an example assessment report and example remediation script to inspect formatting and safety before trusting it with domain-sensitive tasks. Because the skill is vague about how it gets environment context and has no visible provenance, proceed with caution and human oversight.

Review Dimensions

Purpose & Capability: noteThe name/description match the SKILL.md: an Active Directory security reviewer that produces recommendations and remediation scripts. However, an AD posture assessment typically requires read access to domain data or integration with agents that do — yet the skill declares no credentials, tools, or config paths. That omission is explainable (this is advisory/instruction-only and delegates execution to other agents), but it's notable: if you expect automated discovery or testing, this skill does not declare the access needed to do that itself.
Instruction Scope: noteSKILL.md is high-level and stays within the stated purpose (checklists, deliverables, and recommended checks). It does not instruct the agent to read local files, environment variables, or contact external endpoints. It is somewhat vague about data collection and leaves open how the agent should obtain environment-specific context; that vagueness grants broad discretion which could lead to unexpected behavior if combined with other skills that perform privileged operations.
Install Mechanism: okNo install spec and no code files — instruction-only. This is the lowest-risk install mechanism: nothing will be downloaded or written by the skill itself.
Credentials: noteThe skill requests no environment variables, credentials, or config paths. For a pure advisory skill this is reasonable and safer, but real AD assessments normally require read or admin credentials or access via other tooling. The SKILL.md explicitly references integration with PowerShell/RSAT and other administrator-oriented agents; those integrations are where sensitive credentials or privileges would be needed. In short: the skill itself doesn't demand secrets, but using it as intended likely involves combining it with higher-privilege components.
Persistence & Privilege: okalways is false and the skill is user-invocable. Model invocation is allowed (default) but there is no indication the skill requests permanent presence or modifies agent configs. No privilege escalation is visible in the skill itself.