Skill v1.0.6
ClawScan security
Incident Replay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 12:49 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements match its stated purpose (local workspace forensics); it performs local snapshotting, diffs, trigger detection, analysis, and reporting with no external installs or credentials required.
- Guidance: This skill appears to do what it says: local forensic snapshots, diffs, trigger detection, analysis, and reporting using only the Python standard library. Before installing or running it: (1) set WORKSPACE_ROOT to the smallest useful directory (avoid running from '/', your home directory, or other broad roots), (2) tighten INCLUDE_PATTERNS/EXCLUDE_PATTERNS so you don't accidentally capture secrets or unrelated files, (3) confirm the DATA_DIR location and secure its permissions (incident data contains captured file contents), (4) review the code if you need assurance there are no outbound network calls (the provided files use only stdlib file/regex/json operations), and (5) run it first in a sandbox or test workspace to validate behavior. If you need the agent to run this autonomously, remember that autonomous invocation plus the ability to read the workspace increases the potential blast radius; only permit that if you trust the agent's policies and inputs.
Review Dimensions
- Purpose & Capability (ok): Name/description (post-mortem forensics) align with the code and SKILL.md. The package only uses filesystem, hashing, regex, and JSON storage to capture snapshots, build timelines, classify root causes, and generate reports, all coherent with forensic intent.
- Instruction Scope (note): SKILL.md instructs the agent to read workspace files, take snapshots, diff them, scan logs for patterns (including API key/password patterns), and write incident data and reports locally. This is expected for a forensic tool, but it means the skill will capture the contents of included files (by default *.py, *.md, *.txt, *.json, logs). Review and tighten include/exclude patterns and WORKSPACE_ROOT before use to avoid capturing unrelated sensitive files.
- Install Mechanism (ok): No install spec; it's an instruction-and-code skill relying on the Python stdlib. Nothing is downloaded or executed from remote URLs, and no third-party packages are pulled in.
- Credentials (ok): The skill requests no environment variables or external credentials. The default config looks broad (captures many text file types), which is reasonable for forensic analysis but should be tuned to avoid unnecessary exposure of secrets.
- Persistence & Privilege (note): The skill persists snapshots, incidents, and reports under a configurable DATA_DIR (defaults to incident_data). It is not 'always' enabled and does not modify other skills. Because it can read and store file contents locally, run it with a safe WORKSPACE_ROOT and tuned include/exclude patterns; ensure appropriate filesystem permissions and backups for the incident_data directory.
