Skillv1.0.0

ClawScan security

Strava Python · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 12, 2026, 8:13 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and instructions largely match a Strava client (Python + stravalib) and request only expected local credentials, but a prompt-injection indicator was found in SKILL.md and the skill stores secrets in a local plaintext file — worth caution before installing.
Guidance: This skill appears to be a straightforward Python Strava client and the included code implements the behavior described. Before installing: 1) Inspect SKILL.md and the two Python files yourself (or have someone you trust review them) — the pre-scan flagged hidden unicode control characters which are not expected. 2) Be aware the setup stores your client_secret, access_token, and refresh_token in plaintext at ~/.strava_credentials.json; if you proceed, restrict file permissions (chmod 600) or use a secure secrets store. 3) Verify you install the legitimate 'stravalib' package from PyPI and that you trust the skill source (the registry 'owner id' is not a public GitHub link). 4) Consider running the setup in a sandboxed environment first (or manually perform the OAuth steps via browser and paste tokens) if you are uncertain. 5) Do not paste credentials into public channels and revoke the Strava app credentials if you later suspect misuse.
Findings: [unicode-control-chars] unexpected: SKILL.md triggered a 'unicode-control-chars' prompt-injection detector. The skill otherwise behaves as a normal Strava client, so this finding may be an attempt to hide or manipulate text in the skill description/instructions. Inspect SKILL.md for hidden/invisible characters before trusting or displaying its content in automated contexts.

Review Dimensions

Purpose & Capability: okName/description, required binary (python3), pip dependency (stravalib), and included scripts (setup.py, strava_control.py) are coherent for a Strava Python client. No unrelated services, binaries, or credentials are requested.
Instruction Scope: noteSKILL.md instructs the user to create a Strava app, run an interactive setup, and save OAuth tokens to ~/.strava_credentials.json — this matches the included setup.py which performs those actions. However a pre-scan found 'unicode-control-chars' in SKILL.md (a prompt-injection indicator), which is unexpected and should be inspected; otherwise the runtime instructions stay within the stated purpose and do not attempt to read unrelated system files or environment variables.
Install Mechanism: okThere is no arbitrary download/install script — the metadata/instructions use pip to install the well-known 'stravalib' package. This is a standard install mechanism for a Python skill and proportional to the task.
Credentials: noteThe skill does not require environment variables and instead asks interactively for your Strava Client ID/Secret and stores tokens locally. That is reasonable for this purpose, but the setup writes client_secret, access_token and refresh_token in plaintext to ~/.strava_credentials.json — expected for a simple tool but a sensitive practice. No unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request always:true nor modify other skills or system-wide settings. It creates one file in the user's home (~/.strava_credentials.json) to persist its own credentials, which is expected behavior for this type of tool.