Skill v1.0.0

ClawScan security

Daily Briefing Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 15, 2026, 3:33 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The instructions match the stated purpose (an aggregated daily briefing) but the skill expects access to many sensitive services (email, calendar, chat delivery channels, task managers, GitHub) while declaring no credentials or integration details — an inconsistency that warrants caution.
Guidance
This skill will aggregate very sensitive data (email, calendar, tasks, code/CI status) and deliver it to chat channels, yet it doesn't declare how it will authenticate or where credentials are stored. Before installing: (1) Confirm which integrations (Gmail, Google Calendar, Slack, Telegram, GitHub, task managers) you actually want and ensure you have those integrations configured via official, reviewed connectors or OAuth flows — do NOT paste secrets into chat. (2) Ask the publisher (or check documentation) how credentials are acquired and stored (workspace memory? encrypted store?). (3) Verify where briefing configurations and any cached data will be persisted and who can read them. (4) Start by enabling the skill with a minimal, non-critical account or limit it to non-sensitive sources (e.g., public RSS) until you trust its behavior. (5) If the skill's source is unknown or untrusted, avoid granting it broad access to email or calendars. If the author provides explicit integration/auth details (OAuth-only, uses other reviewed skills for credentials, and documents storage/retention), that would reduce my concern.

Review Dimensions

Purpose & Capability
note: The skill's functionality (calendar, email, tasks, weather, GitHub, RSS, delivery to chat) coheres with its name and description. Gathering and combining those sources is a plausible purpose. However, the skill assumes the ability to access many external accounts and delivery channels without declaring what credentials/configuration it requires, which is an unexplained gap.
Instruction Scope
concern: Runtime instructions explicitly tell the agent to scan unread emails, fetch calendar events, check GitHub PRs/CI, query weather APIs, pull RSS/news, and deliver summaries through messaging platforms — all sensitive operations. The SKILL.md also instructs the agent to 'ask once and remember' user location and to 'store the briefing configuration in the workspace' and set up cron jobs. It does not clearly limit what will be read, stored, or transmitted, nor specify how credentials or user data are obtained and protected.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files. That reduces disk/write risk because nothing new is being downloaded or installed by the skill itself.
Credentials
concern: The skill needs access to many external services (Gmail/Outlook, Google Calendar, Slack/Telegram/WhatsApp/Discord, Todoist/ClickUp/Linear, GitHub, weather/news APIs) but declares no required environment variables, primary credential, or config paths. Either it relies on other pre-configured skills (which should be documented) or it expects the agent to collect credentials at runtime — the lack of declared credential requirements is disproportionate and ambiguous given the sensitivity of the data being accessed.
Persistence & Privilege
note: always:false (normal). The skill instructs storing briefing configurations in the workspace and creating cron entries via the platform — reasonable for a recurring briefing feature. Users should verify what is stored, where (workspace memory, persistent storage), and who/what can read those stored items. There is no indication the skill modifies other skills' settings, which is good.