Incident Replay

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for local incident forensics, but it deliberately copies workspace files, logs, and agent memory into persistent local snapshots, so users should scope it carefully.

Before installing or using this skill, choose a narrow workspace root, exclude secrets or large private folders, and protect the generated incident_data directory. The behavior appears aligned with local incident forensics, but its usefulness comes from copying and retaining potentially sensitive local content.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Local incident snapshots and reports may contain secrets, configs, prompts, logs, or agent memory. If the incident_data directory or reports are shared, synced, or backed up, that data may be exposed.

Why it was flagged

The core workflow stores workspace file contents, logs, and memory-derived decision chains for later analysis. This is purpose-aligned, but it can retain sensitive data or untrusted log/memory text.

Skill content

Take point-in-time snapshots of your workspace (files, sizes, hashes, content) ... Extract decision chains from agent logs and memory files ... Incident database with persistent storage

Recommendation

Set WORKSPACE_ROOT narrowly, customize INCLUDE_PATTERNS and EXCLUDE_PATTERNS, keep incident_data private, and review or redact reports before sharing them.

What this means

A user may see this as an instruction-only skill, but practical use involves executing local Python code from the package.

Why it was flagged

The skill relies on running included Python helper scripts even though the registry metadata lists no required binaries and no install spec. The code execution is disclosed and central to the purpose, but the runtime requirement is under-declared.

Skill content

python3 incident_capture.py --config incident_config.json --snapshot --label baseline

Recommendation

Review the included scripts before use and run them only in the intended workspace; the package metadata should declare Python as a required runtime.