Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cisco Firewall Audit

v1.0.0

Dual-platform Cisco ASA and Firepower Threat Defense (FTD) firewall audit with ACL analysis, NAT policy validation, Modular Policy Framework / Access Control...

by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The documented purpose (ASA/FTD audit) matches the commands and API endpoints included in the SKILL.md and references. However there is a packaging mismatch: the registry metadata lists no required binaries/env, while the SKILL.md metadata explicitly references needing 'ssh' and the FMC REST API — implying credentials or tokens will be required at runtime. Requesting SSH/FMC access is reasonable for this audit, but those requirements are not declared consistently.
Instruction Scope
The runtime instructions are narrowly scoped to read-only diagnostic 'show' commands and FMC REST API reads; they do not instruct writing/config changes or exfiltration to external endpoints. The instructions assume network access to target devices and valid read-only credentials, and they reference generating FMC API tokens, but they do not instruct or demonstrate any unexpected data collection beyond audit-relevant outputs.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk. That is the lowest-risk install model and matches the skill's documentation.
Credentials
The skill requires access to device credentials (SSH, ASDM/FDM, or FMC REST API tokens) in order to perform the audit, but the registry shows no required environment variables or declared primary credential. The SKILL.md implicitly expects sensitive credentials but the skill does not declare them or explain how they will be provided/handled. This omission makes it unclear how credentials will be supplied and stored, and creates a potential security/configuration gap.
Persistence & Privilege
'always' is false and there is no install step that modifies agent config or other skills. The skill does not request persistent presence or elevated platform privileges.
What to consider before installing
This skill appears to be a read-only audit playbook for Cisco ASA and FTD and mostly behaves as expected: it lists the exact 'show' commands and FMC REST API endpoints you would use. However, the packaging is inconsistent — the SKILL.md expects SSH access and FMC API tokens but the registry metadata does not declare any required credentials. Before installing or running it:

(1) verify the skill's source/author since homepage is missing and the owner ID is unknown;
(2) ensure you provide only limited, read-only accounts (privilege level 5 for ASA, read-only FMC account) — do not supply full admin credentials;
(3) confirm how the agent will accept and store credentials (prefer ephemeral tokens, not long-lived secrets in plain env vars);
(4) test the procedure in a lab or on a non-production device first; and
(5) if you need assurance, request the publisher to explicitly declare required binaries (ssh) and credential names and to document how credentials are handled.

The incoherence could be sloppy packaging, but because sensitive network credentials are implied and not declared, proceed cautiously.

Like a lobster shell, security has layers — review code before you run it.

latest vk978afpqxqefrpepxefv7d78z583dknb
