Skillv0.1.0

ClawScan security

ISO 27001 Evidence Collection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 1, 2026, 4:47 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions, scope, and requirements are coherent with an evidence-collection purpose, but it provides many concrete CLI commands that will access sensitive data via whatever local credentials exist—so review and control execution before running.
Guidance: This skill appears to be exactly what it says: a set of procedures and CLI commands to collect audit evidence. Before installing or allowing an agent to run these instructions: 1) Understand that the commands will use whatever local cloud/gh/gam credentials are present—run them under least-privilege accounts or an isolated audit account. 2) Review every command and test in a non-production/jumpbox environment first; some outputs (audit logs, secret-scanning alerts, user lists) contain sensitive data you may not want broadly exposed. 3) The skill is guidance-only but contains runnable shell snippets; ensure your agent/platform does not auto-execute them without explicit approval. 4) Store collected evidence securely and limit access; redact PII where required. 5) If you plan to enable the planned "Compliance MCP server" connector later, verify its network/hosting and data-handling policies — the current files do not describe any remote upload behavior, but connectors could change that surface.

Review Dimensions

Purpose & Capability: okName/description (ISO 27001 / SOC 2 evidence collection) align with the content: the SKILL.md and rules provide platform-specific CLI/API commands and evidence mapping that are exactly what an evidence-collection skill would need.
Instruction Scope: noteThe SKILL.md is instruction-only but contains many concrete shell commands (gh, gcloud, az, gam, screencapture, openssl, etc.), loops, and file paths to read/write evidence. The doc claims "No scripts executed" and "evidence stays local," which is plausible for a guidance-only skill, but the provided commands will access and emit potentially sensitive audit data if actually executed. This is expected for this purpose but worth noting: the instructions give an agent the ability to enumerate accounts, logs, secrets scanning output, and other sensitive information.
Install Mechanism: okInstruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. This is the lowest-risk install model for a skill of this type.
Credentials: noteNo environment variables or credentials are declared, which is coherent because the skill expects the operator to have existing CLI auth. However, the commands rely on whatever local credentials are present (GitHub gh token, gcloud/Azure/GAM auth). That is proportionate to the task but means the skill will implicitly use highly privileged credentials available on the host—review which account/roles are used before running.
Persistence & Privilege: okNo always:true, no installs, and no modifications to other skills or global agent settings. The skill does reference an optional external "Compliance MCP server" (planned) but does not include any outbound endpoints or automatic remote uploads in the current files.