ClawHub

prisma-audit

v1.1.0

Audit and validate Prisma Access configurations against best practices and security standards. Use when reviewing security policies, checking for misconfigur...

0· 72·0 current·0 all-time
byH@CKMEN@leesandao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Prisma Access configuration auditor) aligns with the SKILL.md: it describes checks for security policy, NAT, decryption, GlobalProtect, object hygiene, and compliance. There are no unrelated required binaries, env vars, or config paths that would be out of scope for a config auditor.
Instruction Scope
The skill accepts configuration via a file path or pasted JSON and enumerates detailed checks. That scope is appropriate for an auditor. Note: because it allows arbitrary file paths or pasted config, users may inadvertently provide sensitive secrets (API keys, certificates) in the config; the instructions do not specify how sensitive fields will be handled or whether data is transmitted externally.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or downloaded by the skill itself. This is the lowest-risk install footprint.
Credentials
The skill declares no required environment variables or credentials, which is proportionate. However, auditing Prisma Access configs often involves parsing sensitive artifacts (certificates, secrets, IP pools). The skill does not request credentials but will process any secrets included in user-supplied configs—users should avoid pasting secrets unless necessary.
Persistence & Privilege
always is false and the skill does not request persistent agent-wide privileges. There is no indication it modifies other skills or system configuration.
Assessment
This skill appears coherent for auditing Prisma Access configuration, but it will need actual config data to run. Before using it: (1) avoid pasting secrets or private keys—redact API keys, certificates, and passwords from configs; (2) prefer providing a sanitized file path rather than pasting full configs into chat; (3) inspect the upstream repository (homepage provided) if you want more assurance about how the agent will process input; and (4) if you are concerned about exfiltration, run the audit in an environment without outbound network access or use a local/manual review instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fzxn0kycrhjwxsz2m59wbh84rw20

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments