Skill v1.0.0

ClawScan security

Coda Packs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:27 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement Coda Pack management and its code matches the SKILL.md, but the registry metadata omits the required CODA_API_TOKEN and the package includes an executable script without an install spec — these inconsistencies warrant caution.
Guidance
This skill appears to do what it says (manage Coda Packs) and the included Python code matches the documentation, but the registry metadata incorrectly omits the required CODA_API_TOKEN. Before installing:
1. Confirm the publisher and trust the source.
2. Only provide a Coda API token scoped to Pack management (least privilege).
3. Prefer creating a dedicated account/token for automation that can be revoked.
4. Review and, if possible, run the included script in a sandbox or test environment first to observe its network calls; they should go to coda.io only.
5. Ask the publisher to update the registry metadata to declare CODA_API_TOKEN so automated permission checks are accurate.
If you cannot verify the source or cannot scope the token safely, do not install.
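Step 4 above, as an added example that is not part of the scan output or the skill's own code: an in-process egress guard for a sandboxed test run of scripts/coda_packs_cli.py. It patches Python's socket.getaddrinfo so every hostname the script tries to resolve is checked against an allowlist and logged; anything outside it fails before a connection is opened. The allowlist (coda.io and its subdomains, assumed to be the only legitimate endpoint), the run_script_guarded helper and the hostnames used in demo() are assumptions for illustration.

```python
"""Egress guard for a sandboxed test run of a skill script.

Added example, not code from the ClawHub scan or the skill. It patches
socket.getaddrinfo so a script run inside the guard can only resolve
allowlisted hosts; every attempt, allowed or not, is recorded for review.
"""
import runpy
import socket
import sys

# Assumption: the only legitimate endpoint for this skill is coda.io
# (and its subdomains), as the scan guidance states.
CODA_ALLOWLIST = ("coda.io",)


class BlockedEgress(Exception):
    """Raised when the script tries to reach a host outside the allowlist."""


def host_allowed(host, allowlist=CODA_ALLOWLIST):
    """True if host is an allowlisted domain or a subdomain of one.

    The suffix match is anchored on a dot, so 'evil-coda.io' and
    'coda.io.attacker.net' are rejected. IP literals never match.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowlist)


class EgressGuard:
    """Context manager that allowlists hostnames at name-resolution time."""

    def __init__(self, allowlist=CODA_ALLOWLIST):
        self.allowlist = allowlist
        self.attempts = []  # (host, port, allowed) in the order they happened
        self._orig_getaddrinfo = None

    def __enter__(self):
        self._orig_getaddrinfo = socket.getaddrinfo
        orig = self._orig_getaddrinfo

        def guarded_getaddrinfo(host, port, *args, **kwargs):
            name = host.decode() if isinstance(host, bytes) else str(host)
            allowed = host_allowed(name, self.allowlist)
            self.attempts.append((name, port, allowed))
            if not allowed:
                raise BlockedEgress(f"blocked egress to {name}:{port}")
            return orig(host, port, *args, **kwargs)

        socket.getaddrinfo = guarded_getaddrinfo
        return self

    def __exit__(self, exc_type, exc, tb):
        socket.getaddrinfo = self._orig_getaddrinfo
        return False


def run_script_guarded(path, argv, allowlist=CODA_ALLOWLIST):
    """Run a script as __main__ under the guard and return the attempt log.

    Hypothetical helper: path and argv are whatever the reviewer passes,
    e.g. scripts/coda_packs_cli.py with a read-only subcommand.
    """
    saved_argv = sys.argv
    sys.argv = [path, *argv]
    try:
        with EgressGuard(allowlist) as guard:
            try:
                runpy.run_path(path, run_name="__main__")
            except BlockedEgress as err:
                print(f"[egress-guard] {err}", file=sys.stderr)
            except SystemExit:
                pass  # CLIs normally finish via sys.exit(); the log is what matters
    finally:
        sys.argv = saved_argv
    return guard.attempts


def demo():
    """Offline demonstration: resolving a non-allowlisted host is blocked."""
    with EgressGuard() as guard:
        try:
            socket.getaddrinfo("example.com", 443)  # constructed, not coda.io
        except BlockedEgress:
            pass
    return guard.attempts


if __name__ == "__main__":
    print(demo())
```

This catches anything that resolves names through the socket module (urllib, http.client, requests/urllib3). It does not constrain subprocesses, native extensions that do their own DNS, or code that calls socket.connect on an IP literal without resolving a name, so treat it as a reviewer's tripwire and pair it with a network namespace or host firewall when a hard boundary is needed.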

Review Dimensions

Purpose & Capability
note · The SKILL.md and the included Python CLI implement Coda Pack management via the Coda REST API and explicitly require CODA_API_TOKEN; that capability matches the name/purpose. However, the registry metadata lists no required environment variables even though the skill needs an API token, which is an inconsistency between declared metadata and actual requirements.
Instruction Scope
ok · Runtime instructions are scoped to listing/creating/updating/deleting private Packs and to using the Pack SDK for builds/advanced features. The SKILL.md does not instruct the agent to read unrelated system files or exfiltrate data to unexpected endpoints; it only requires the Coda API token and standard HTTP access to coda.io.
Install Mechanism
note · There is no install spec (instruction-only), which reduces install-time risk. However, the skill includes an executable Python CLI script (scripts/coda_packs_cli.py) that will be run by the agent; the package does not provide an automated install step or sandboxing guidance. This is reasonable but worth noting: code will run locally when invoked.
Credentials
concern · The tool legitimately requires a single credential (CODA_API_TOKEN) for the coda.io API, which is proportionate. The concern is that the registry metadata does not declare this required environment variable while SKILL.md and the script both require it. Missing metadata can lead users or automated systems to grant incorrect permissions or miss required secrets.
Persistence & Privilege
ok · The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It runs on-demand (or can be invoked autonomously per platform defaults), which is normal for skills.
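Guidance step 5 and the Credentials dimension turn on the same question: does the registry metadata declare every environment variable the script actually reads? The following is an added example of such an automated check, not ClawHub's own checker or the skill's code. The metadata key requiredEnv and the SAMPLE_SCRIPT stand-in for scripts/coda_packs_cli.py are constructed for illustration; the only fact taken from the page is that the script requires CODA_API_TOKEN while the registry declares no environment variables.

```python
"""Check that a skill's registry metadata declares the env vars its script reads.

Added example, not ClawHub's checker or the skill's own code. It statically
finds environment-variable reads in a Python script with the ast module and
diffs them against the registry's declared list.
"""
import ast

# Assumed registry shape: a "requiredEnv" list. ClawHub's real schema is
# not shown on the scan page, so this key name is a placeholder.
SAMPLE_METADATA = {"name": "coda-packs", "version": "1.0.0", "requiredEnv": []}

# Constructed stand-in for scripts/coda_packs_cli.py; the real script is not
# reproduced on the page. It reads the token in both common forms.
SAMPLE_SCRIPT = '''
import os
import sys

def token():
    value = os.environ.get("CODA_API_TOKEN")
    if not value:
        sys.exit("set CODA_API_TOKEN")
    return value

HEADERS = {"Authorization": "Bearer " + os.environ["CODA_API_TOKEN"]}
'''


def _is_os(node):
    return isinstance(node, ast.Name) and node.id == "os"


def _is_environ(node):
    # os.environ, or a bare `environ` after `from os import environ`
    if isinstance(node, ast.Attribute):
        return node.attr == "environ" and _is_os(node.value)
    return isinstance(node, ast.Name) and node.id == "environ"


def _const_str(node):
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def env_vars_read(source):
    """Names read via os.environ[...], os.environ.get(...) or os.getenv(...)
    with a literal name. Uses the Python 3.9+ ast layout (Subscript.slice is
    the key expression itself)."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        key = None
        if isinstance(node, ast.Subscript) and _is_environ(node.value):
            key = _const_str(node.slice)
        elif isinstance(node, ast.Call) and node.args and isinstance(node.func, ast.Attribute):
            func = node.func
            is_getenv = func.attr == "getenv" and _is_os(func.value)
            is_environ_get = func.attr == "get" and _is_environ(func.value)
            if is_getenv or is_environ_get:
                key = _const_str(node.args[0])
        if key:
            names.add(key)
    return names


def audit_env_declaration(metadata, script_source, key="requiredEnv"):
    """Diff declared vs actually-read env vars.

    'undeclared' is the finding the scan raises: the script needs a secret
    the registry does not advertise, so automated permission checks miss it.
    'unused' is the opposite drift: a declared secret nothing reads.
    """
    declared = set(metadata.get(key, []))
    actual = env_vars_read(script_source)
    return {"undeclared": actual - declared, "unused": declared - actual}


if __name__ == "__main__":
    print(audit_env_declaration(SAMPLE_METADATA, SAMPLE_SCRIPT))
```

Run it against the real scripts/coda_packs_cli.py and the registry entry before installing; a non-empty undeclared set means the permission prompt understates what the skill needs. The walker only sees literal names, so a script that builds the variable name at runtime or imports getenv by name would need a broader pattern or a dynamic check such as a run with an instrumented os.environ.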