cloud-forensics
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Credential file access detected

This skill manifest appears internally consistent and its capabilities match the stated purpose of cloud forensics. There is no evidence of deceptive code, obfuscated payloads, or third-party credential-harvesting endpoints in the provided text. However, the functionality requires broad, high-impact cloud permissions (snapshots, memory dumps, export of logs) and the documentation lacks operational safeguards (least-privilege guidance, allowlisting of output locations, audit of the tool’s own actions). Those gaps make the skill potentially dangerous in practice if misconfigured or used with over-privileged credentials. Recommend treating this as a legitimate but sensitive tool: enforce least-privilege credentials, require investigator-controlled output buckets, add explicit chain-of-custody and logging for actions that create/export artifacts.

LLM verification: The SKILL.md describes a legitimate cloud-forensics capability that reasonably requires reading cloud logs and writing local evidence artifacts. There is no explicit evidence of malicious code or backdoors in the documentation itself. Primary security concerns are operational: handling of credentials (reference to .aws), the absence of least-privilege guidance, and unsecured export paths which could leak sensitive data. Because the actual implementation is not present, we cannot rule out hidden