Sovereign Security Auditor
Result: Pass. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only security-audit skill, but audits may read and repeat secrets from the code you ask it to inspect.
This skill is reasonable to install if you want an AI agent to review code for security issues. When using it, point it only at repositories you intend to audit, avoid unnecessary production secrets, and explicitly tell the agent to redact or mask any credentials it finds in reports.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you point the agent at a repository containing production secrets, those secrets may be read during the audit.
The skill explicitly directs the agent to inspect files that can contain real credentials or account secrets. This is expected for secrets detection, but it is sensitive access.
Configuration -- Look for `.env`, config files, hardcoded values
Use the skill only on code you are authorized to review, scope the files or repository clearly, and prefer test/redacted secrets where possible.
Audit output could reveal credential values to anyone who can see the agent conversation or report.
The example report style reproduces secret values. If applied to real code, full secrets could end up in chat history, logs, or shared audit reports.
Credentials Found: 1. Database password: `Sup3rS3cret!Pr0d@2024` ... 6. JWT signing secret: `my-jwt-secret-do-not-share`
Ask the agent to mask secrets in findings, such as showing only the secret type, file location, and a short fingerprint, and rotate any real secrets found in code.
