Security Analyst
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This skill is reasonable to install for authorized security reviews. Before using it, confirm the codebase is yours to assess, review any proposed shell or package-manager commands, and protect or exclude generated docs/security/runs reports because they may contain vulnerabilities, secret locations, PII flow details, and exploit steps. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated reports may contain reproducible exploit steps that could be misused if shared broadly.
The skill can generate exploit material as part of a security audit. This is dual-use but directly matches the stated penetration-testing and vulnerability-analysis purpose.
Exploits: Exploit Development (1 agent, needs all findings) ... Develops complete exploits with PoCs, CVSS scores, CWE/ATT&CK IDs, chains
Use only on systems and code you are authorized to test, and restrict access to generated exploit reports.
If the agent or user runs optional tooling, it may execute local or package-manager commands in the project environment.
The templates reference optional local audit/SBOM commands, including npx-based tooling. These commands are purpose-aligned documentation, not hidden automatic execution.
To generate a machine-readable SBOM from this data, use: - CycloneDX: `npx @cyclonedx/cyclonedx-npm` / `cyclonedx-py` / `cyclonedx-gomod`
Review any proposed command before running it, especially commands that download or execute package-manager tools.
The agent may see secret values or secret locations while auditing the repository.
The skill is instructed to inspect files that may contain credentials or secrets. This is expected for a security audit, and the artifacts do not show credential use or transmission.
Search for: hardcoded API keys, tokens, passwords, connection strings in source code, config files, and environment files.
Run it only in trusted workspaces, avoid sharing raw outputs publicly, and rotate any real secrets discovered in source or config files.
Generated files may disclose vulnerabilities, PII flows, secret locations, or exploit details if committed or shared.
The skill persists audit outputs to disk, including vulnerability reports, exploit catalogs, and privacy assessments. This is disclosed and purpose-aligned, but the stored context can be sensitive.
Full runs write to `docs/security/runs/{YYYY-MM-DD-HHMMSS}/` ... `reports/exploits.md` ... `reports/privacy.md` ... `reports/final.md`
Treat docs/security/runs as sensitive, review before committing to version control, and add it to .gitignore if reports should remain private.
Sensitive audit details may be propagated across sub-agent context and intermediate files during a run.
The workflow shares intermediate security findings between an orchestrator and specialized agents via files. This is part of the design, but it means sensitive findings are available to multiple agent steps.
Do NOT send full finding details in your return message. They are on disk. ... `Read` the file at `{FINDINGS_DIR}/{FINDING-ID}.md`
Use the skill in trusted projects and limit the run scope when only a focused assessment is needed.
