Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prisma Access All-in-One

v1.0.0

All-in-one Prisma Access management for Strata Cloud Manager (SCM). Generate configurations, audit against best practices, migrate between tenants, troublesh...

by H@CKMEN @leesandao
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the actions in SKILL.md (generate configs, audit, migrate, troubleshoot via SCM API). Declared requirements (curl, jq, SCM_CLIENT_ID/SCM_CLIENT_SECRET/SCM_TSG_ID) are appropriate for SCM API use. However, tenant migration workflows in the README show SRC_/DST_ environment variables for source and destination tenants that are not listed in the declared requires.env, creating a mismatch between claimed capabilities and declared requirements.
!
Instruction Scope
The SKILL.md instructs the agent to perform high-impact API workflows (export, transform, POST to target, validate, and optionally commit). Migration workflow examples reference additional environment variables (SRC_SCM_*/DST_SCM_*) and assume the agent will read those; these extra envs are not declared. While the doc says dry-run and explicit confirmation are required before commit, the instructions give the agent broad discretion to query and push configs across tenants — that scope should be explicit and matched to declared requirements.
Install Mechanism
Instruction-only skill with no install spec or code files. This is low risk from an install perspective. It does require curl and jq on PATH, which is reasonable for making and parsing SCM API calls.
!
Credentials
Requested environment variables (SCM_CLIENT_ID, SCM_CLIENT_SECRET, SCM_TSG_ID) are appropriate for authenticating to SCM, but the SKILL.md also shows usage of SRC_*/DST_* credential variables for migrations that are not declared. The skill will need full API credentials able to read/export and write/import configurations; that is high privilege and should be limited via least-privilege API clients. The mismatch between declared env vars and those referenced in instructions is a notable oversight that could lead to accidental credential exposure or misunderstanding about which secrets are required.
Persistence & Privilege
always:false and default autonomous invocation are set; the skill does not request persistent/always-on presence. The documentation requires explicit user confirmation before commits (safety guardrail). Because the skill can perform destructive operations (commits) across tenants, exercise caution, but there are no platform privilege flags (like always:true) that would grant unusual persistence.
What to consider before installing
This skill appears to do what it says (manage Prisma Access via the SCM API) but has some important caveats:
(1) The migration examples reference source/destination environment variables (SRC_SCM_* / DST_SCM_*) that are not declared — confirm what credentials the skill will read before providing secrets.
(2) The skill requires SCM API credentials capable of exporting and importing configurations; use least-privilege API clients and consider creating scoped service accounts for read/export and a separate, tightly-scoped account for commits.
(3) Test everything in dry-run mode and in a non-production tenant first; do not provide production secrets until you understand the exact API calls and payloads the skill will use.
(4) Because this is instruction-only, review the linked GitHub repo and any examples to confirm behavior; if unclear, ask the maintainer to explicitly declare SRC_/DST_ env vars and to document exact API endpoints and confirmation prompts.
(5) Remove or rotate any credentials after use and consider running interactions from an isolated environment.


Runtime requirements

🛡️ Clawdis
Bins: curl, jq
Env: SCM_CLIENT_ID, SCM_CLIENT_SECRET, SCM_TSG_ID
Primary env: SCM_CLIENT_ID
