ClawHub
Back to skill
v1.0.0

Sure API

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This is a real Sure API helper, but it needs careful review because it can use an API key to make broad financial/account changes and its raw request path is not tightly limited.

GuidanceInstall only if you intend to let an agent operate your Sure account through an API key. Keep the key in the secure env file, restrict the base URL to trusted Sure hosts, use wrapped read/dry-run workflows first, and require explicit human confirmation before any raw POST/PATCH/DELETE or account-level operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
scripts/sure_api_request.sh
METHOD=${1:-}
PATH_=${2:-}
...
curl -sS \
  -H "X-Api-Key: $SURE_API_KEY" \
  ...
  -X "$METHOD" \
  "$URL" \
  "$@"

The raw helper accepts caller-supplied method, path, and arbitrary curl arguments, then sends an authenticated request. This bypasses the safer wrapped CLI's --yes gate and can reach high-impact POST/PATCH/DELETE endpoints described in the API references.

User impactA mistaken or overly broad raw API call could create, modify, import, or delete financial/account data.
RecommendationPrefer the wrapped commands, add a confirmation gate and allowlist for raw POST/PATCH/DELETE calls, and block or require extra confirmation for account reset/delete-style endpoints.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/sure_openapi_update.sh
curl -fsSL --max-time 30 "$OPENAPI_URL" -o "$OPENAPI_PATH"
...
node "$SKILL_DIR/scripts/sure_openapi_summarize.js" "$OPENAPI_PATH" > "$SUMMARY_PATH"

The self-update workflow downloads the upstream OpenAPI file and overwrites local reference files. This is purpose-aligned and does not execute the downloaded YAML, but it changes what the skill treats as official API surface.

User impactRunning the update can change local API references and influence later agent behavior.
RecommendationRun the update only intentionally, review the resulting diff, and consider pinning or verifying the upstream source in controlled environments.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
scripts/sure_api_cli.js
const baseUrl = args.base_url || env.SURE_BASE_URL;
const apiKey = args.api_key || env.SURE_API_KEY;
...
'X-Api-Key': apiKey,

The CLI sends the Sure API key to the configured or argument-supplied base URL. Because metadata declares no primary credential or required env vars, and the base URL is not allowlisted, the credential boundary is not clearly declared or constrained.

User impactIf the base URL is misconfigured or overridden, the API key could be sent to an unintended server, and users may not realize the skill requires a sensitive account credential.
RecommendationDeclare SURE_API_KEY and SURE_BASE_URL in metadata, avoid command-line API key overrides, and restrict or strongly confirm custom base URLs outside the official Sure hosts.