Architecture Risk Assessor

v1.0.0

Quantify architecture risk using a 2D risk matrix (impact x likelihood, scored 1-9) and produce structured risk assessment reports. Use this skill whenever t...

by Hung Quoc To (@quochungto)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (architecture risk assessment, risk matrix, structured reports) align with the content of SKILL.md and the included risk-matrix template. The skill asks for architecture context and (optionally) to read repository artifacts such as Dockerfiles, k8s manifests, READMEs and service directories — which is appropriate for an assessor that can analyze a codebase. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md explicitly directs the agent to gather architecture context from the user and, if available, from the environment (docker-compose, k8s manifests, package manifests, README, docs). This is coherent for the purpose, but it does grant the agent scope to read repository files and infra manifests when available — which may include sensitive configuration. The instructions do not direct the agent to send data to external endpoints, exfiltrate secrets, or execute arbitrary installs; they only require reading project artifacts and producing assessment text.
Install Mechanism
Instruction-only skill with no install spec and no code files that perform runtime actions. This minimizes disk/write/install risk. There are no downloads, extracted archives, or third-party packages to review.
Credentials
The skill declares no required environment variables, no credentials, and no config-path requirements. The only environmental access described is optional scanning of repo files for context, which is proportionate to an architecture assessment. No unrelated secrets or tokens are requested.
Persistence & Privilege
The 'always' setting is false, and the skill does not request persistent system presence or modify other skills. The skill requires the agent's Read/Write tools to operate (read repo files and produce reports), which is expected and appropriate. Autonomous invocation is allowed by default (platform behavior) but is not combined with other concerning privileges here.
Assessment
This skill appears coherent: it analyzes architecture descriptions and repository artifacts and outputs risk matrices and mitigation notes. Before installing or enabling it, consider these practical points:
- The skill will try to read project files (docker-compose, k8s manifests, package files, READMEs) if available. Grant only read-only access and limit scope to directories you want analyzed, to avoid exposing secrets or unrelated configs.
- It requests no credentials and does not install software, so its technical footprint is small; however, review any assessment output before sharing externally, because it may summarize sensitive architecture details.
- Note the skill's 'Unproven Technology' rule: it prescribes assigning maximum risk (9) to technologies not used in production. This is a strict, deliberate policy that can bias results toward high risk for unfamiliar tech; you may want to override or contextualize that rule when appropriate.
- If you do not want the agent to scan your repo, provide an explicit architecture description instead.
Overall this skill is internally consistent with its stated purpose; treat it as a read-only analysis assistant and restrict file-scan scope if you have sensitive project data.

Like a lobster shell, security has layers — review code before you run it.

Tags: architecture, bookforge, governance, latest, risk, risk-assessment, risk-matrix, software-architecture

Runtime requirements: Clawdis