Discogs Claw

Pending: Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can make authenticated Discogs API requests using your Discogs token.

Why it was flagged

The script requires a Discogs personal access token and sends it in the expected Discogs Authorization header. This is necessary for the stated API integration and no unrelated destination or logging is shown, but it is still delegated account access.

Skill content

if [ -z "$DISCOGS_TOKEN" ]; then ... -H "Authorization: Discogs token=${DISCOGS_TOKEN}"

Recommendation

Use a Discogs token intended for this purpose, avoid exposing it in logs or shared shells, and revoke it if no longer needed. The skill metadata should ideally declare this credential requirement.