Discogs Claw
PassAudited by ClawScan on May 10, 2026.
Overview
Discogs Claw appears to be a straightforward Discogs price lookup; it needs a user-provided Discogs API token, which is expected but not declared in the registry metadata.
This skill looks safe for its stated purpose if you are comfortable providing a Discogs API token. Check that the token is stored securely, and be aware that the registry metadata does not currently advertise the token requirement even though the script needs it.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make authenticated Discogs API requests using your Discogs token.
The script requires a Discogs personal access token and sends it in the expected Discogs Authorization header. This is necessary for the stated API integration and no unrelated destination or logging is shown, but it is still delegated account access.
if [ -z "$DISCOGS_TOKEN" ]; then ... -H "Authorization: Discogs token=${DISCOGS_TOKEN}"Use a Discogs token intended for this purpose, avoid exposing it in logs or shared shells, and revoke it if no longer needed. The skill metadata should ideally declare this credential requirement.