Back to skill
Skillv1.0.0
ClawScan security
azure-infra-engineer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:55 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only Azure infrastructure design/automation skill whose declared scope, lack of install steps, and zero credential requirements are coherent with its stated purpose of generating designs, Bicep/PowerShell examples, and guidance rather than performing live deployments.
- Guidance
- This skill is an instruction-only authoring assistant for Azure architecture and PowerShell/Bicep examples. It will not deploy resources or access your environment by itself because it requests no credentials or installs. If you want it to perform live deployments or run Az/Powershell commands, you (or the agent runtime) would need to supply Azure credentials and a PowerShell/Az-capable environment — only provide those if you trust the runtime. Review any generated scripts and IaC templates before running them in production (least-privilege RBAC, test in a sandbox, and validate Bicep/ARM previews). Also note that references to integrating with other agents are conceptual; the skill does not include code to call or provision those agents.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content: the skill is positioned as an Azure infra expert producing architecture guidance, PowerShell/Az snippets, and IaC (Bicep/ARM) templates. It does not claim to perform live cloud operations, and it does not request credentials or binaries — this is coherent for a read/generate-style assistant.
- Instruction Scope
- okSKILL.md contains guidance, checklists, examples, and recommended integrations. It does not instruct the agent to read local files, access environment variables, or transmit data to external endpoints. The instructions stay within the domain of design and code generation; they do not attempt scope creep such as exfiltrating credentials or scanning the host.
- Install Mechanism
- okNo install spec and no code files (instruction-only) — nothing is written to disk and no external packages are fetched. This minimizes installation risk and is proportional to an advisory/authoring skill.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. That is proportionate for a skill that only generates IaC and PowerShell samples. Note: if a user expects the skill to actually run Az/PowerShell commands or deploy resources, they will need to provide appropriate Azure credentials and a runtime with Az modules installed; those are intentionally not requested by the skill.
- Persistence & Privilege
- okalways is false and the skill does not request any elevated persistence or modify other skills' configuration. Autonomous invocation is allowed (platform default) but that is not, by itself, a concern given the skill's instruction-only, read/generate nature.