v1.0.3

Krónan

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

This is a coherent grocery-account CLI skill, but it should be treated like real account tooling because it stores a Krónan access token and can change cart, list, note, and order data.

Guidance: Install only if you trust the GitHub source and are comfortable giving the CLI access to your Krónan account. Keep the token file private, revoke the token if you stop using the tool, and require explicit approval before any command that changes carts, lists, notes, statistics, or orders.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Commands that change state can modify the user's real data. Agents must ask for explicit user confirmation before running any state-changing command.

The skill can invoke account-mutating commands such as cart changes, order-line changes, list deletion, and note clearing. The documentation includes an explicit confirmation requirement, so this is purpose-aligned but important for users to notice.

User impact: If used without confirmation, an agent could change a real Krónan cart, shopping list, notes, statistics visibility, or modifiable order.
Recommendation: Only allow state-changing commands after explicit review of the exact command and target items.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
gh repo clone arnif/kronan-cli /tmp/kronan-cli && bash /tmp/kronan-cli/install.sh

The documented setup runs an install script from a GitHub repository, and the text says the script downloads a pre-built binary to ~/.local/bin/kronan. This is disclosed and normal for a CLI install, but the runnable code is outside the provided artifact set.

User impact: Running the install command trusts the external repository, its install script, and its release binary.
Recommendation: Review the repository, install script, and release provenance before running the install command, especially before storing an account token.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Access tokens are stored at ~/.kronan/token. These are credentials for the Krónan Public API.

The skill requires a persistent Krónan API credential to access the user's account. This is expected for the stated purpose and includes revocation and file-permission guidance, but it grants real account authority.

User impact: Anyone or any process with access to the token file could potentially use the user's Krónan API access.
Recommendation: Store the token with restrictive permissions, revoke it when no longer needed, and avoid sharing command output that may include account details.