Skill v1.0.0

ClawScan security

Web Application Attack Surface Mapping · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 29, 2026, 11:44 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose (attack-surface mapping for authorized web-app testing); it is instruction-only, requests no extra credentials, and does not try to install or persist anything unexpectedly.
Guidance
This skill appears to be a coherent, instruction-only checklist for authorized web-application reconnaissance. Before using it: (1) ensure you have explicit written authorization for the target (the skill itself emphasizes this); (2) run it only in a controlled project directory or sandbox — source repos and HTTP captures often contain secrets (API keys, DB credentials); (3) do not provide unrelated system credentials or agent tokens to the skill; (4) if you enable the optional network capabilities (WebFetch/Bash), supervise any live requests — the agent can perform broad queries and should not contact third-party endpoints or exfiltrate data without your consent; (5) adopt safe handling and disclosure practices for any sensitive findings (secrets, vulnerabilities). If you need the agent to interact with live targets, require an explicit human-in-the-loop approval step before any network probing.

Review Dimensions

Purpose & Capability
ok: The name and description (map content, entry points, fingerprint technologies, enumerate hidden paths) align with the declared execution environment (analyze a codebase, HTTP logs, or intercepted traffic) and required tools (Read/Grep, optional WebFetch/Bash). There are no unrelated env vars, binaries, or install steps requested that would be disproportionate to the stated reconnaissance/mapping purpose.
Instruction Scope
note: SKILL.md is an instruction-only guide to inspect source code, proxies, and public sources and to perform directory-enumeration and fingerprinting. This scope is appropriate, but the workflow inherently involves reading repository files, config artifacts, and HTTP captures — which may contain sensitive credentials. The doc permits network queries (optional WebFetch/Bash) and use of public search/archives; ensure human authorization before any live-target requests. No explicit instructions to exfiltrate results to third-party endpoints were found in the metadata provided.
Install Mechanism
ok: There is no install specification and no code files. Because the skill is purely instructions, it does not download or write code to disk — the lowest-risk install profile.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportionate: mapping an application from provided artifacts or live testing does not require platform secrets. Note: during use, the agent may request access to project files or credentials for external services (e.g., API keys for web archives or bug-bounty platforms) — provide only what is necessary and authorized.
Persistence & Privilege
ok: The "always" setting is false and the skill does not request any increased persistent presence or modifications to other skills or agent-wide settings. Autonomous invocation is allowed by platform default but is not elevated here.