Skill v1.0.0
ClawScan security
Security Incident Command · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 8:20 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This instruction-only incident-command skill is internally consistent with its purpose and does not request extra credentials, installs, or system-level access beyond what a live incident management guide would reasonably need.
- Guidance: This skill is a written incident-command playbook and appears coherent and low-risk: it doesn't ask for credentials or install code. Before using it during a live incident, read the full SKILL.md top-to-bottom to confirm there are no open-ended directives that would let the agent autonomously access production systems or secrets. Prefer human-in-the-loop operation for any destructive or high-impact steps (e.g., isolating systems, creating accounts, registering domains). If you plan to let the agent perform shell actions (Bash/Grep tools are listed as optional), restrict those to non-production copies or require explicit human approval per action. Finally, check the referenced dependency (incident-response-team-setup) so you understand any cross-skill expectations.
Review Dimensions
- Purpose & Capability (ok): The skill's name, description, and declared tasks (declare, staff, secure investigation, run forensics loop, handoff) align with the instructions in SKILL.md. It requests no binaries, env vars, or installs, which is proportionate for a playbook-style incident command guide.
- Instruction Scope (note): SKILL.md is a prescriptive playbook for live incident command and references actions such as creating new channels, clean machines, and running forensics. Those are within the expected scope. The instructions do not declare or reference system file paths, secrets, or unrelated environment variables in the provided excerpt. Because it runs during live incidents, operators should review the full SKILL.md to confirm there are no open-ended directives (e.g., 'gather whatever context you need') that would grant broad autonomous access.
- Install Mechanism (ok): No install spec or code files are present — instruction-only, which minimizes risk. There is no downloadable code or archive that would be written to disk or executed.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. That matches its role as a procedural playbook and is proportionate to its stated purpose.
- Persistence & Privilege (ok): 'always' is false and there is no attempt to persist or modify other skills or system-wide agent settings. The default model-invocation behavior remains enabled (normal for skills); given the playbook's live-incident nature, ensure human oversight during any automated actions.
