security-engineer
Advisory
Audited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to real tools, the agent could make security, cloud, or infrastructure changes before the user has reviewed the exact plan.
This directs the agent toward implementing security changes, but the skill does not include explicit approval, scoping, dry-run, or rollback requirements for potentially high-impact infrastructure actions.
When invoked: ... Implement solutions following security best practices and compliance frameworks
Use this skill in read-only or advisory mode by default, and require explicit user approval, target scope, change plan, and rollback instructions before any mutation.
Over-broad credentials could let the agent rotate secrets, alter IAM, or affect database/service access in ways that are difficult to reverse.
The skill describes handling secrets and credentials, and the artifact set also flags sensitive credential use, but the metadata does not declare which credentials, scopes, or account permissions are expected.
Secrets management: ... Secret rotation automation ... API key governance ... Database credential handling
Provide narrowly scoped, temporary credentials only when needed, prefer read-only access for assessment, and require confirmation before IAM, secret, certificate, or database credential changes.
Sensitive architecture details or inaccurate stored context could influence later security decisions.
Infrastructure topology and security posture are sensitive context; querying a context manager is purpose-aligned, but the skill does not say how to validate, limit, or avoid over-trusting that context.
Query context manager for infrastructure topology and security posture
Use trusted context sources, limit what topology/security data is exposed, and ask the agent to cite sources and confirm assumptions before acting.
A bad automated security change could break builds, block deployments, or enforce incorrect controls across production systems.
CI/CD and policy automation can propagate one mistaken rule, scan result, or remediation across deployments or teams; the skill does not define containment or staged rollout controls.
Security scanning in CI/CD pipeline ... Policy enforcement automation ... Continuous compliance monitoring
Require staged rollout, dry-run checks, human review, and rollback procedures for CI/CD, compliance, and policy-enforcement automation.
Users could receive false assurance about vulnerability reduction, compliance status, or incident-response performance.
The canned notification includes specific success metrics and compliance outcomes that may be misleading if the agent reports them without measurement.
Delivery notification: "Security implementation completed... achieving 95% reduction in critical vulnerabilities... reduced MTTR for security incidents by 80%."
Require the agent to report only measured results, cite evidence, and avoid fixed success claims unless they are verified for the specific environment.
