Expanso json-flatten
Pass. Audited by ClawScan on May 10, 2026.
Overview
The provided files show no malware or credential theft, but users should note that the skill depends on external Expanso tooling and that its MCP and cloud modes broaden where the JSON pipeline runs.
This appears to be a small, reviewable JSON-processing skill, but treat the MCP mode as a network service: keep it local or behind a firewall, and inspect any remote Expanso Cloud pipeline before deploying it. Also test the output first, because the included pipeline does not actually produce the promised flattened dot-notation object.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to install and trust additional Expanso tooling, and the optional cloud deploy path may use a remote pipeline that was not included in the reviewed files.
The registry metadata declares no required binaries or install spec, but the skill depends on external Expanso tooling and offers deployment from a remote URL. This is user-directed and purpose-aligned, but the referenced runtime and remote pipeline are outside the supplied artifacts.
```
- Expanso Edge installed (`expanso-edge` binary in PATH)
- Install via: `clawhub install expanso-edge`
...
expanso-cli job deploy https://skills.expanso.io/json-flatten/pipeline-cli.yaml
```
Install Expanso tooling only from a trusted source, inspect the remote pipeline before deploying it, or prefer the included local pipeline files when possible.
If you run the MCP server, other machines that can reach the port may be able to call the JSON-processing endpoint. The artifact does not show access to local files or credentials, but it does expand the network surface.
The MCP-style pipeline starts an HTTP server bound to all network interfaces. The artifact does not show authentication, localhost-only binding, or origin restrictions.
```yaml
http:
  enabled: true
  address: "0.0.0.0:${PORT:-8080}"
  ...
  path: /flatten
  allowed_verbs: [POST]
```
Run the server only on trusted networks, bind it to localhost if possible, use a firewall, and avoid sending sensitive JSON through a publicly reachable endpoint.
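The bind address above is the one detail that decides who can reach the `/flatten` endpoint. The following lint, an added example that is not part of the ClawScan report or of the Expanso skill, scans a pipeline config for `address:` lines, expands the `${PORT:-8080}` form the way a POSIX shell would (an assumption about the Expanso runtime), classifies each listener as wildcard, loopback or specific, and proposes the loopback equivalent for a wildcard bind. It works on the raw YAML text with a regular expression rather than a YAML parser, so it assumes one `address:` key per line; the sample configs are constructed from the report's snippet, with the hardened variant placed beside the weak one.

```python
"""Added example: flag HTTP listeners bound to all interfaces in a pipeline
config. Not part of the ClawScan report or the Expanso json-flatten skill."""
import ipaddress
import os
import re

# Matches lines such as `  address: "0.0.0.0:${PORT:-8080}"` (quotes optional).
_ADDRESS_RE = re.compile(r"""^\s*address:\s*["']?([^"'\s#]+)""", re.MULTILINE)
# ${VAR} and ${VAR:-default}
_ENV_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}")


def expand_env(value, env=None):
    """Expand ${VAR} / ${VAR:-default}; assumed to match the runtime's rules."""
    env = os.environ if env is None else env

    def repl(m):
        name, default = m.group(1), m.group(2)
        return env.get(name, default if default is not None else "")

    return _ENV_RE.sub(repl, value)


def split_host_port(address):
    """Return (host, port) for host:port, [v6]:port and :port forms."""
    if address.startswith("["):              # [::]:8080
        host, _, rest = address[1:].partition("]")
        return host, rest.lstrip(":")
    host, sep, port = address.rpartition(":")
    if not sep:                              # bare port or bare host
        return ("", address) if address.isdigit() else (address, "")
    return host, port


def classify_bind(address, env=None):
    """'wildcard' = every interface, 'loopback' = this machine only,
    'specific' = one named interface or a DNS name."""
    host, _port = split_host_port(expand_env(address, env))
    if host == "localhost":
        return "loopback"
    if host in ("", "*"):                    # ":8080" listens everywhere
        return "wildcard"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific"                    # DNS name; cannot tell statically
    if ip.is_unspecified:                    # 0.0.0.0 or ::
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    return "specific"


def localhost_equivalent(address, env=None):
    """Rewrite a bind address to loopback on the same port."""
    host, port = split_host_port(expand_env(address, env))
    if ":" in host:                          # IPv6 wildcard -> ::1
        return f"[::1]:{port}"
    return f"127.0.0.1:{port}"


def audit_config(yaml_text, env=None):
    """One (raw_address, classification, suggested_fix) tuple per listener."""
    findings = []
    for m in _ADDRESS_RE.finditer(yaml_text):
        raw = m.group(1)
        kind = classify_bind(raw, env)
        fix = localhost_equivalent(raw, env) if kind == "wildcard" else None
        findings.append((raw, kind, fix))
    return findings


# Constructed samples modelled on the report's snippet: weak bind beside the fix.
WEAK_CONFIG = """\
http:
  enabled: true
  address: "0.0.0.0:${PORT:-8080}"
"""
HARDENED_CONFIG = """\
http:
  enabled: true
  address: "127.0.0.1:${PORT:-8080}"
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for raw, kind, fix in audit_config(cfg, env={}):
            hint = f" (bind to {fix} instead)" if fix else ""
            print(f"{name}: {raw} -> {kind}{hint}")
```

A loopback bind still leaves the endpoint open to every local process, and a firewall rule is the right control when other hosts genuinely need to reach it; the lint only tells you which configs need that decision made.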
The skill may not produce the flattened JSON object you expect, which could cause incorrect downstream results.
The advertised output is a flattened dot-notation object, but the provided pipelines output fields such as original, top_level_keys, key_count, and metadata instead. This looks like a capability mismatch rather than malicious behavior.
```yaml
description: Flatten nested JSON objects
...
outputs:
  - name: flat
    type: object
    description: Flattened object with dot notation keys
```
Test the skill with sample data before relying on it, and update the pipeline or documentation so the advertised output matches the actual output.
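To make that test concrete, here is a reference dot-notation flattener plus a check that compares a skill's actual output with the advertised `flat` object. It is an added example, not code from the ClawScan report or from the Expanso skill. The sample input is constructed, and the stand-in for the shipped pipeline's output is assumed: its field names (`original`, `top_level_keys`, `key_count`, `metadata`) come from the report, its values do not. Lists are flattened by index, which goes beyond the report's one-line description of the output.

```python
"""Added example: reference dot-notation flatten and an advertised-output
check. Not part of the ClawScan report or the Expanso json-flatten skill."""
import json


def flatten(value, prefix=""):
    """Flatten nested dicts (and lists, by index) into a single-level dict of
    dot-joined paths, e.g. {"a": {"b": [1]}} -> {"a.b.0": 1}.
    Empty containers are kept as leaves so no key silently disappears."""
    if isinstance(value, dict):
        pairs = list(value.items())
    elif isinstance(value, list):
        pairs = [(str(i), v) for i, v in enumerate(value)]
    else:
        return {prefix: value}               # scalar leaf
    if not pairs:
        return {prefix: value} if prefix else {}
    out = {}
    for key, child in pairs:
        path = f"{prefix}.{key}" if prefix else str(key)
        out.update(flatten(child, path))
    return out


def is_flat_dot_object(obj):
    """True when obj is a single-level dict with no nested dict/list values."""
    return isinstance(obj, dict) and not any(
        isinstance(v, (dict, list)) for v in obj.values()
    )


def check_skill_output(sample_input, actual_output):
    """Compare a skill's actual output with the advertised flattened object.
    Returns an empty dict on a match, otherwise a description of the gap."""
    expected = flatten(sample_input)
    if not is_flat_dot_object(actual_output):
        return {
            "reason": "output is not a flat dot-notation object",
            "actual_keys": sorted(actual_output) if isinstance(actual_output, dict) else None,
            "expected_keys": sorted(expected),
        }
    if actual_output != expected:
        return {
            "reason": "flattened values differ",
            "missing": sorted(set(expected) - set(actual_output)),
            "unexpected": sorted(set(actual_output) - set(expected)),
        }
    return {}


# Constructed sample input (not from the skill's own test data).
SAMPLE_INPUT = {"user": {"name": "ada", "roles": ["admin", "dev"]}, "active": True}

# Assumed stand-in for what the report says the shipped pipeline emits:
# the field names are from the report, the values are made up here.
MISMATCHED_OUTPUT = {
    "original": SAMPLE_INPUT,
    "top_level_keys": ["user", "active"],
    "key_count": 2,
    "metadata": {"source": "pipeline-cli"},
}

if __name__ == "__main__":
    print("advertised:", json.dumps(flatten(SAMPLE_INPUT)))
    print("check:", json.dumps(check_skill_output(SAMPLE_INPUT, MISMATCHED_OUTPUT)))
```

Feed the skill `SAMPLE_INPUT`, parse its response as JSON, and pass it as `actual_output`; an empty result means the pipeline matches what SKILL.md advertises, and anything else is the exact gap to fix in the pipeline or the documentation.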
