Scalekit Agent Auth
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Scalekit integration, but it grants a very broad gateway to connected services and can auto-select accounts or proxy direct API calls, so it needs careful review before use.
Install this only if you trust the Scalekit environment and want a broad agent gateway to your connected services. Limit provider scopes, connect only accounts you intend the agent to use, require confirmation before writes/deletes/sends, avoid ambiguous requests, and be especially cautious with the proxy fallback and multiple connected accounts.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could perform actions in connected SaaS tools when a request is ambiguous, potentially changing documents, sending messages, or modifying business data.
The skill is instructed to act broadly across external services, including action-taking, with no clear per-action confirmation boundary for writes or other side effects.
Use this skill whenever the user asks for information from, or wants to take an action in, a third-party tool or service... Trigger this skill any time the user's request involves an external service, integration, or data source — even if the provider is not explicitly named.
Require explicit user confirmation before write, send, delete, publish, or administrative actions, and narrow invocation rules to named providers and clearly identified accounts.
If used incorrectly, the agent may make broad API calls through a connected account, including mutating requests or uploads/downloads that were not constrained by a provider-specific tool schema.
The code exposes a direct proxied HTTP request path with caller-controlled method, path, body, headers, and file input/output, which can bypass safer schema-defined tool workflows.
def proxy_request(... path: str, method: str = "GET", query_params: dict = None, body: dict = None, output_file: str = None, input_file: str = None, extra_headers: dict = None):
Disable proxy fallback by default or require explicit user approval, allowed-method/path restrictions, and clear warnings before any non-GET request or file transfer.
A request intended for one workspace or account could be executed in another connected account.
Automatically selecting the first completed connection can use the wrong account, tenant, or workspace when multiple valid connections exist.
If multiple COMPLETED connections found → the first one is selected automatically (a warning is shown).
Prompt the user to choose among multiple completed connections and display the selected account/workspace before executing any action.
Data from connected services and user-provided tool inputs may pass through the Scalekit integration path.
The skill routes requests and results through Scalekit Connect and connected providers, which is expected for its purpose but important for users to understand.
executes tools on any connected third-party service via Scalekit Connect
Use least-privilege provider scopes, avoid connecting highly sensitive accounts unless needed, and review Scalekit's data-handling policies.
A future dependency update could affect runtime behavior or security posture.
The install uses Python dependencies with lower-bound version ranges rather than pinned versions; this is common but means future dependency versions may change behavior.
dependencies = ["protobuf>=5.29.6", "python-dotenv>=1.1.1", "scalekit-sdk-python>=2.6.1"]
Install in a trusted environment and consider using a lockfile or pinned dependency versions for production use.