Security Change Rollout Planning

v1.0.0

Plan and execute a security change rollout across a service or fleet: classify the change into a time horizon (short / medium / long-term), triage affected s...

by Hung Quoc To (@quochungto)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description match the actual requirements: it's a planning/consultation skill that optionally consumes a codebase or inventory to triage affected systems. It does not request unrelated binaries, environment variables, or external services.
Instruction Scope
The SKILL.md instructs the agent to gather structured inputs (change description, inventories, timelines) and produce a rollout plan. It may ask to inspect an optional codebase/infrastructure manifests, which is appropriate for triage. There are no instructions to read unrelated system files, harvest credentials, or transmit data to unexpected endpoints.
Install Mechanism
No install spec or code files are included; this is instruction-only, so nothing is written to disk or fetched during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. The optional use of Read/Grep/Bash is consistent with inspecting a provided codebase or manifests; the skill does not demand unrelated secrets or tokens.
Persistence & Privilege
always is false and there is no install-time persistence. disable-model-invocation is false (normal), so the agent could call the skill autonomously, but that is expected for an invokable planner and is not combined with broad credential access.
Assessment
This is a planning skill (no code executed on install) and appears coherent with its stated purpose. Before using it: only provide sanitized inventories or code snippets (remove secrets or credentials), review any plan it outputs for operational safety, and avoid giving the agent access to live credentials or full production configs unless you intend it to read them. Note the skill is marked draft—validate outputs with your incident-runbook and release engineering team before acting.



Runtime requirements

📚 Clawdis
