Expanso sentiment-score

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill's sentiment-scoring purpose is coherent, but MCP mode exposes an unauthenticated network endpoint that can use the user's OpenAI key.

Use caution before installing or running MCP mode. The basic sentiment function is coherent, but do not expose the server on shared or public networks unless you add access controls. Be aware that submitted text is sent to OpenAI when using the provided pipelines, and verify the remote deployment URL before deploying to cloud.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the MCP server is run on a reachable network, other people or processes may submit text through it, send that text to OpenAI, and consume the user's OpenAI credits.

Why it was flagged

MCP mode listens on all network interfaces and accepts POST requests, then uses the configured OpenAI API key, with no authentication or caller restriction shown.

Skill content

address: "0.0.0.0:${PORT:-8080}"
...
path: /score
...
allowed_verbs: [POST]
...
openai_chat_completion:
  api_key: "${OPENAI_API_KEY}"

Recommendation

Bind the server to 127.0.0.1 by default, add authentication or an allowlist, document the exposure clearly, and avoid running it on untrusted networks.

What this means

Running the skill can send the input text to OpenAI and may incur usage against the user's OpenAI account.

Why it was flagged

The skill uses an OpenAI API key for the core sentiment-scoring call; this is purpose-aligned but gives the pipeline access to a billable account credential.

Skill content

openai_chat_completion:
  api_key: "${OPENAI_API_KEY}"
  model: gpt-4o-mini

Recommendation

Only provide OPENAI_API_KEY if you are comfortable sending the analyzed text to OpenAI; monitor usage and prefer a local backend if available and desired.

What this means

The deployed cloud job could differ from the local artifact if the remote URL changes or is not the exact reviewed version.

Why it was flagged

The optional cloud deploy command fetches a pipeline from a remote URL rather than explicitly deploying the reviewed local file.

Skill content

expanso-cli job deploy https://skills.expanso.io/sentiment-score/pipeline-cli.yaml

Recommendation

Verify the remote pipeline contents before deployment, or deploy the reviewed local pipeline file instead.