Skill v1.0.1
ClawScan security
Toingg Ops Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 26, 2026, 5:07 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose, but the package metadata omits the required TOINGG_API_TOKEN and the source/publishing details are missing — this mismatch and lack of provenance are concerning.
- Guidance: This package largely does what it says — scripts call a Toingg API and convert/upload contacts — but the published metadata failed to declare the required TOINGG_API_TOKEN and the publisher/homepage are missing. Before installing or enabling this skill:
  1. Treat TOINGG_API_TOKEN as a secret; do NOT commit it to git or expose it in world-readable cron jobs.
  2. Confirm the API domain (prepodapi.toingg.com) is the expected endpoint for your account.
  3. If you plan to enable the analytics cron, set up the cron in an environment with only the minimal token and permissions needed.
  4. Prefer to run these scripts from an isolated account/workspace and review the scripts yourself (they are small and readable).
  5. Ask the publisher for provenance (who maintains the skill, a homepage or repo) or reject if you cannot verify the source.
  The main technical fix that would increase trust: the skill registry metadata should list TOINGG_API_TOKEN as a required credential and include publisher/contact information.
Review Dimensions
- Purpose & Capability [concern]: The scripts and SKILL.md coherently implement Toingg campaign, contact, analytics, and WhatsApp template workflows. However, the registry metadata lists no required environment variables or primary credential while both the SKILL.md and every script require a TOINGG_API_TOKEN bearer token. The missing declaration is an inconsistency that reduces transparency.
- Instruction Scope [note]: Runtime instructions are narrowly scoped to building payloads, calling Toingg API endpoints, converting Excel to JSON, and optionally scheduling a daily cron. The instructions reference storing payloads/analytics in version control or shared storage and instruct ensuring TOINGG_API_TOKEN is exported to the gateway for cron jobs — this is expected for the functionality but raises an operational caution about token exposure to scheduled environments.
- Install Mechanism [ok]: No install spec is provided (instruction-only skill with shipped scripts). Dependencies are minimal and explicit in SKILL.md (requests, openpyxl). There are no downloads from arbitrary URLs or archive extraction steps.
- Credentials [concern]: All networked scripts require a single bearer token (TOINGG_API_TOKEN). That is proportionate to the API interactions, but the token requirement is not declared in the skill metadata. The analytics-cron guidance instructs relying on gateway environment inheritance, which could expose the token to scheduled jobs or other components if not configured carefully.
- Persistence & Privilege [note]: The skill does not request always:true and contains no code that modifies other skills or system-wide settings. It suggests creating an 'openclaw cron' job only when explicitly requested. Autonomous invocation is allowed by default (normal), so consider the earlier token-access inconsistency when enabling automated runs.
