Security Scanner Triage

v0.1.0

Triage security/virus scanner findings for skills and automations. Use when scanner reports mixed-risk findings (defaults, credential handling, data routing,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is an instruction-only triage workflow for scanner findings and requests no env vars, binaries, or installs — this matches the described purpose.
Instruction Scope
SKILL.md stays on-topic (normalize claims, verify evidence, rate risk, remediation, re-scan checklist). It asks the agent to "locate exact file/line evidence," which is appropriate, but is somewhat open-ended about which files may be inspected; guardrails note not to leak .env secrets. Recommend limiting file scope to the target repo and published skill files to avoid accidental access to unrelated system secrets.
Install Mechanism
No install spec and no code files — lowest-risk delivery model (instruction-only).
Credentials
No environment variables, credentials, or config paths are requested. Declared guardrails explicitly instruct not to leak secrets.
Persistence & Privilege
always:false and default invocation settings; the skill does not request persistent presence or elevated platform privileges.
Assessment
This is an instruction-only triage workflow and appears internally consistent. Before installing, ensure you: 1) only run it against the repository or skill bundle you intend to triage (avoid granting access to system-wide files), 2) provide the scanner output as input rather than giving blanket filesystem access, and 3) confirm the agent follows the guardrail to never read or transmit secrets (e.g., .env). If you need automated/remote triage that will inspect many repos or system files, consider adding explicit scope limits or technical controls first.


SKILL.md

Security Scanner Triage

Workflow

  1. Normalize findings
  • Convert scanner text into discrete claims.
  • Group by category: data routing, credentials, defaults, docs mismatch, privilege/persistence.
  2. Verify against code/docs
  • Locate exact file/line evidence.
  • Mark each claim as:
    • Confirmed
    • Partially confirmed
    • Not reproducible
  3. Risk rate
  • Critical / High / Medium / Low
  • Include blast radius and exploitability notes.
  4. Remediation plan
  • Provide minimal patch order:
    1. safety first
    2. behavior/docs consistency
    3. version bump and publish notes
  5. Verification
  • Provide re-scan checklist and expected clean-state signals.

Output format

Use references/output-template.md.

Guardrails

  • Never leak secrets from .env.
  • Distinguish trust/disclosure issues from active vulnerabilities.
  • Always separate "data-routing transparency" findings from "security-impact" findings.
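
One way to turn the ".env" guardrail and the scan's scope recommendation into a technical control. This is an added example, not part of the skill or its published files. The names `resolve_in_scope`, `partition_evidence` and `demo` are hypothetical, and blocking `.env.*` variants as well as `.env` is an assumption.

```python
import os
import tempfile
from pathlib import Path


class ScopeError(Exception):
    """Raised when an evidence path must not be read."""


def resolve_in_scope(repo_root, candidate):
    """Return candidate's real path if it is inside repo_root and not a .env file."""
    root = Path(repo_root).resolve(strict=True)
    # Resolve ".." and symlinks first, so neither can point outside the root.
    target = (root / candidate).resolve()
    if target != root and root not in target.parents:
        raise ScopeError(f"outside target repo: {candidate}")
    # Block .env itself; treating .env.* variants the same way is an assumption.
    if any(p == ".env" or p.startswith(".env.") for p in target.relative_to(root).parts):
        raise ScopeError(f"secrets file: {candidate}")
    return target


def partition_evidence(repo_root, candidates):
    """Split scanner-cited paths into readable ones and refusals with reasons."""
    allowed, refused = [], {}
    for cand in candidates:
        try:
            resolve_in_scope(repo_root, cand)
            allowed.append(cand)
        except ScopeError as exc:
            refused[cand] = str(exc).split(":")[0]
    return allowed, refused


def demo():
    """Build a constructed sample repo and check five constructed evidence paths."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        repo.mkdir()
        (repo / "SKILL.md").write_text("sample\n")
        (repo / ".env").write_text("TOKEN=constructed-placeholder\n")
        (Path(tmp) / "outside.txt").write_text("not part of the repo\n")
        os.symlink(Path(tmp) / "outside.txt", repo / "link.txt")  # escapes the repo
        paths = ["SKILL.md", ".env", "../outside.txt", "link.txt", "/etc/hostname"]
        return partition_evidence(repo, paths)


if __name__ == "__main__":
    print(demo())
```

Running the check before every file read during the "Verify against code/docs" step keeps evidence lookup inside the repository being triaged.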

Files

2 total