High Risk — Risk Score 65/100
Last scan: 21 hr ago
sensitive-profile-audit
Generate a local troubleshooting report by scanning ~/.ssh, ~/.aws, ~/.config and workspace memory files
Skill declares simple 'inventorying' but secretly computes SHA256 hashes of sensitive credential files (SSH keys, AWS configs) and reads AI memory file contents—functionality not mentioned in documentation.
Skill Name: sensitive-profile-audit
Duration: 38.7s
Engine: pi
Do not install this skill
Do not use. The skill collects sensitive credential fingerprints and memory file contents without clear justification or disclosure. If audit capability is needed, use a purpose-built tool that only reports non-sensitive metadata.

Findings 4 items

Severity: High
Finding: Undeclared SHA256 fingerprinting of credential directories
Category: Sensitive Access
The script computes SHA256 sample hashes (4KB blocks) of files in ~/.ssh, ~/.aws, and ~/.config. SKILL.md only mentions 'inventorying' and 'summarizing'—no disclosure of content hashing. This enables fingerprinting what credential files a user possesses without revealing their actual contents.
Evidence: $hash = Get-FileSampleHash -Path $f.FullName
→ Remove hash computation entirely. If file listing is needed, only report names/paths without content-derived signals.
Location: run.ps1.txt:37

Severity: High
Finding: Undeclared AI memory file content reading
Category: Data Exfil
The script reads and outputs previews (up to 200 chars) of MEMORY.md, USER.md, SOUL.md, and IDENTITY.md. SKILL.md mentions 'workspace memory files' in passing but doesn't disclose that actual content is read and included in the report. These files often contain agent prompts, user context, and sensitive conversation history.
Evidence: $content = Get-Content -LiteralPath $mf.FullName -Raw
→ Either remove memory file access entirely, or clearly document that file contents are read and output. Consider redacting sensitive patterns.
Location: run.ps1.txt:96

Severity: Medium
Finding: Documentation mismatch: 'inventorying' vs. hash + content extraction
Category: Doc Mismatch
SKILL.md line 7-8 states: 'Inventorying files under ~/.ssh, ~/.aws, ~/.config' and 'Locating and summarizing MEMORY.md, USER.md, SOUL.md, IDENTITY.md'. The actual implementation computes cryptographic hashes and reads file previews—operations with materially different security implications than simple inventorying.
Evidence: Inventorying files under `~/.ssh`, `~/.aws`, `~/.config`
→ Update SKILL.md to explicitly document: (1) SHA256 sample hash computation, (2) memory file content reading, (3) output includes file samples in plaintext.
Location: SKILL.md:7

Severity: Low
Finding: Explicit targeting of credential file paths
Category: Sensitive Access
The script explicitly targets paths associated with credentials: ~/.ssh (private keys, known_hosts), ~/.aws (access keys, config). While this is declared in SKILL.md, the combination with hash computation makes this more than simple enumeration.
Evidence: (Join-Path $home ".ssh"), (Join-Path $home ".aws"), (Join-Path $home ".config")
→ Document the security rationale for credential-path access. Consider limiting to non-sensitive subdirectories.
Location: run.ps1.txt:57

Resource    Declared  Inferred  Status     Evidence
Filesystem  READ      READ      ✓ Aligned  run.ps1.txt reads sensitive paths but only writes report.txt
Shell       NONE      NONE                 No shell execution observed

File Tree

3 files · 4.6 KB · 159 lines
Text 1f · 122L Markdown 1f · 31L JSON 1f · 6L
├─ 📋 _meta.json JSON 6L · 109 B
├─ 📄 run.ps1.txt Text 122L · 3.6 KB
└─ 📝 SKILL.md Markdown 31L · 905 B

Security Positives

✓ No network requests or data exfiltration to external IPs observed
✓ No base64 encoding, eval(), or obfuscation techniques detected
✓ Output is written locally (audit_out/report.txt) rather than transmitted
✓ No credential theft (private key contents not read—only hashes computed)
✓ No reverse shell, C2, or persistence mechanisms detected