Skill v1.0.0
ClawScan security
Incident Fupan (事故复盘) — Structured Root Cause Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 3, 2026, 6:05 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent for conducting postmortems: its required actions (reading logs, git state, service status, writing a report) match its stated purpose, but it includes persistent actions (storing to long-term memory and suggestions to update other docs/skills) that warrant caution and human review before granting write privileges.
- Guidance: This skill appears to do what it says (structured postmortems) but includes persistent and cross-skill actions that need human controls. Before installing or enabling it:
  1. Confirm where 'long-term memory' is stored and whether that storage is visible to third parties; disable automatic memory writes or require explicit approval.
  2. Require human review before the agent writes the final report to permanent storage or publishes the report.
  3. Require human approval before the agent updates AGENTS.md, TOOLS.md, or any other skill/config — treat those as change requests, not automatic edits.
  4. Limit file access: only allow the agent to read explicitly agreed log/config file paths; avoid giving blanket filesystem access or root privileges.
  5. Redact or review sensitive data (credentials, PII) before storing or sharing; add a step to mask secrets.
  6. Run the skill in a sandboxed or least-privilege environment when possible and audit the created ~/incidents files.

  If you need higher assurance, ask the skill author to remove automatic memory writes and to require a confirm step before any file writes or skill/document edits.
Review Dimensions
- Purpose & Capability (ok): The name/description (incident postmortem) align with the instructions: collecting logs, git state, service/process status, data files, building a timeline, running 5 Whys, producing a formatted report, and proposing defensive rules. Commands suggested (grep, git, systemctl, ps, file reads) are appropriate for root-cause analysis.
- Instruction Scope (note): SKILL.md gives explicit runtime commands to collect evidence (grep logs, git log/diff, systemctl/ps, read CSVs/configs) and mandates that every factual claim cite a source. That scope is appropriate, but it requires the agent to read arbitrary files and run shell commands — which is expected for an incident review but should be limited to explicitly approved paths and kept read-only. The skill also instructs the agent to 'store key lessons to long-term memory' and to 'update AGENTS.md, TOOLS.md, or relevant skill with new rules' — these steps expand the agent's scope beyond a single report and introduce change/write operations that should be gated by human review.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer. This is the lowest install risk.
- Credentials (note): No environment variables, credentials, or config paths are declared or required. However, the instructions require reading potentially sensitive artifacts (logs, configs, data files) and writing a report to ~/incidents plus saving lessons to long-term memory. Those actions are proportionate to a postmortem, but they can expose secrets or PII if not handled carefully — the skill does not provide redaction guidance or limits on what to persist to memory.
- Persistence & Privilege (concern): Although always:false, the skill directs the agent to (1) save files under ~/incidents, (2) store lessons to long-term memory, and (3) update AGENTS.md/TOOLS.md or 'relevant skill' with new rules. Writing to long-term memory and modifying other skill/docs represents non-trivial persistence and cross-scope modification. These write/update operations should require explicit human authorization and auditing; otherwise they increase the blast radius if misused.
