v1.0.0

incident-responder

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 1:46 PM.

Analysis

This incident-response skill is relevant to its purpose, but it includes examples that can use production SSH/Kubernetes privileges and automatically make operational changes without clear approval safeguards.

GuidanceReview this skill carefully before installing. It is aligned with incident response, but only use it with explicit target systems, least-privilege credentials, and a rule that diagnosis commands may run separately from any remediation, rollback, log cleanup, or cluster mutation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

references/examples.md

def auto_remediate(self, diagnostics: Dict) -> List[str]: ... subprocess.run(["sync"], check=True) ... subprocess.run(["echo", "3", ">", "/proc/sys/vm/drop_caches"], shell=True) ... subprocess.run(["journalctl", "--vacuum-time=7d"], check=True) ... actions = responder.auto_remediate(diagnostics)

The example shows an automated remediation workflow that performs host-level changes and log cleanup based on diagnostics, then calls that remediation path directly, without an explicit approval or dry-run step.

User impactIf followed or adapted by an agent, this could change a production host, remove older logs, or affect system behavior during an incident without a clear confirmation checkpoint.

RecommendationRequire explicit human approval before remediation, add a dry-run mode, limit actions to approved hosts/services, log all actions, and separate diagnosis from mutation by default.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusNote

SKILL.md

kubectl run debug --image=nicolaka/netshoot -it --rm

The Kubernetes debugging guidance runs an external container image by tag rather than an approved or digest-pinned image.

User impactRunning an unpinned public debug image in a cluster can introduce unreviewed tooling into a sensitive production environment.

RecommendationUse an organization-approved debug image, pin it by digest, and confirm the target namespace and permissions before launching it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

-l "ssh server1 'tail -f /var/log/app.log'" ... kubectl exec -it $POD_NAME -- /bin/bash ... kubectl rollout undo deployment/$DEPLOYMENT --to-revision=2

The skill documents use of existing SSH and Kubernetes authority, including interactive pod access and deployment rollback, while the registry metadata declares no credentials, config paths, or scope limits.

User impactAn agent using the user's existing production credentials could access hosts or clusters and make deployment changes beyond what the user expected.

RecommendationDeclare the expected credential sources, restrict use to user-specified hosts/clusters/namespaces, and require confirmation before any command that mutates production systems.