Agent Stack Audit
Review
Audited by ClawScan on May 13, 2026.
Overview
This audit skill is mostly purpose-aligned, but it asks to inspect sensitive API/key, script, cron, skill, and memory data with unclear boundaries and allows one kind of code change without explicit approval.
Use this only after defining the exact folders, cron locations, skill directories, API inventories, and memory files it may inspect. Do not let it change scripts automatically; require a reviewed diff and approval for every modification, and ensure reports do not include raw API keys or sensitive project notes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could inspect or summarize sensitive API/account information beyond what the user intended for this audit.
The skill directs the agent to inspect API key inventory and subscription/account usage, which is sensitive account authority, but it does not bound which key stores, accounts, or secret values may be read or how they should be redacted.
Cross-reference your API inventory against actual script usage:
- Any API key configured but never called in the last 30 days?
- Any paid subscription that maps to zero active script usage?
Before use, specify exact directories, account inventories, and secret stores that may be inspected, and require redaction of actual key values in all outputs.
A script could be changed in a way that breaks an automation or removes a still-needed API call.
The exception permits modifying scripts without clearly requiring explicit user approval, review of the exact change, or rollback instructions.
Never delete anything without explicit user approval — only RECOMMEND
2. One exception: If a script references a dead API that has been confirmed cancelled → safe to comment out the call and log it. Don't delete the file.
Require explicit approval for every file modification, show a diff first, make backups, and write clear rollback steps.
Private project context or stale instructions could be pulled into the audit and preserved in new state files.
The skill asks to read persistent memory/context files, but does not define path limits, exclusions, retention, or whether sensitive project details should be omitted from the generated audit report.
Review project memory and context files:
- Any project memory not updated in 30+ days?
- Projects marked "on hold" for 60+ days with no activity?
- Contradictions between your main context file and individual project files?
Limit the audit to named memory files, exclude secrets and private notes by default, and redact sensitive content in the generated report.
If the user later wires this into a scheduler, it could repeatedly scan local automation and state files.
The skill describes recurring scheduled operation, but the provided artifacts do not include any code or install mechanism that would create persistence automatically.
Scheduled: First Monday of every month, 05:00 local time.
Quick scan: Every Sunday (cron health only — 5 min).
Only schedule this deliberately, keep the scope narrow, and review the first few reports before allowing recurring runs.
