Skill v1.3.2

ClawScan security

Claw Calendar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 7:07 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior matches a calendar API client, but there are inconsistencies between the declared registry metadata and the SKILL.md (which requests an API base URL and API key), so you should verify how credentials are requested and stored before installing.
Guidance
What to check before installing:
- The SKILL.md expects two env vars (CALENDAR_API_BASE_URL and CALENDAR_API_KEY) but the registry metadata shows none — ask the publisher or platform how the API key will be requested and stored. Ensure the platform will prompt you to input the CALENDAR_API_KEY and will protect it (encrypted at rest, not logged to transcripts).
- Verify the GitHub repository referenced in SKILL.md (https://github.com/5twang/claw-calendar) and confirm the code and maintainer look legitimate before providing a real API key. Prefer testing with a limited-scope or throwaway API key first.
- Confirm the API key's permissions on the Claw Calendar server (least privilege: only calendar access for the intended account) and avoid using org-wide or admin keys.
- Because this is instruction-only, there is no downloadable code to inspect in the package — that reduces risk, but it also means the skill will rely on runtime access to your environment. If the platform does not surface those env vars to you explicitly, treat that as a red flag and do not proceed until clarified.
- If you need higher assurance, ask the maintainer to add explicit required env declarations to the registry metadata and provide a homepage/release notes so you can audit changes in future versions.

Review Dimensions

Purpose & Capability
concern: The SKILL.md clearly describes a calendar client that needs CALENDAR_API_BASE_URL and CALENDAR_API_KEY — those credentials are appropriate for the stated purpose. However, the top-level registry metadata (Requirements) lists no required env vars or primary credential, while the SKILL.md metadata declares those two env vars. This mismatch is an inconsistency that could cause the platform not to surface the needed credential request, or to hide that the skill will access an API key.
Instruction Scope
ok: Runtime instructions are narrowly scoped to reading two environment variables (base URL and API key) and calling the Claw Calendar REST endpoints (GET/POST/PUT/DELETE). The SKILL.md does not instruct the agent to read unrelated files or other environment variables, or to exfiltrate data to external endpoints outside the declared API base URL. It also instructs the agent to tell the user how to configure the two env vars if they are missing.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files to execute, which minimizes installation risk (nothing is downloaded or written to disk by the skill itself).
Credentials
concern: The only sensitive items referenced in SKILL.md are CALENDAR_API_BASE_URL and CALENDAR_API_KEY — these are proportionate for a calendar integration. The concern is that the top-level registry listing does not declare these required env vars (or a primary credential), so the platform may not prompt for or protect the API key as expected. Confirm how and where the API key will be stored and whether the platform will restrict access to it.
Persistence & Privilege
ok: The skill does not request always:true, does not install persistent components, and is user-invocable only. Autonomous invocation is enabled (platform default), but there is no evidence the skill requests broader agent/system privileges.