Skill v1.0.0

ClawScan security

Pipeworx asana · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 22, 2026, 11:32 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill claims to wrap the Asana API but its runtime instructions point at an external Pipeworx gateway and mention OAuth while declaring no credentials or auth requirements — this mismatch and the external endpoint raise privacy and coherence concerns.
Guidance
This skill is suspicious because it points your Asana API calls at an external Pipeworx gateway and talks about OAuth while declaring no credentials — that means your Asana data and any access tokens might be routed through and visible to an external service with no publisher info. Before installing, ask the publisher for: (1) the identity and trust/legal/privacy info for the gateway operator (https://gateway.pipeworx.io), (2) a clear auth flow (which env vars or OAuth client is required and where tokens are stored), (3) why a gateway is used instead of calling api.asana.com directly, and (4) an untruncated SKILL.md with the exact runtime requests and data-sharing guarantees. If you cannot verify the gateway operator and its auth handling, avoid installing, or use it only with a test Asana account that holds no sensitive data.

Review Dimensions

Purpose & Capability
concern
The name/description say this skill accesses Asana via API, which is coherent, but the SKILL.md references an external gateway (https://gateway.pipeworx.io/asana/mcp) instead of the official Asana API and mentions OAuth. The skill declares no required env vars or primary credential despite needing OAuth tokens in practice. It is unclear why a gateway is used and who operates it; that is disproportionate, or at least unexplained.
Instruction Scope
concern
SKILL.md is the only runtime instruction and it instructs the agent to use an external 'mcpServers' endpoint. The file references OAuth and endpoint usage but is truncated/partial and provides no auth flow, no explicit instructions about which secrets to use, and no limits on what data the gateway receives. That grants the gateway potential access to all Asana data the skill touches without declared consent or explanation.
Install Mechanism
ok
No install spec and no code files (instruction-only). This is low-risk from an installation perspective because nothing is downloaded or written automatically. However, runtime network calls to the external gateway are still a behavioral risk.
Credentials
concern
The SKILL.md explicitly references OAuth (so credentials/tokens are required in practice) but the skill metadata lists no required env vars or primary credential. That mismatch is a red flag: either the gateway handles auth (in which case you must trust it), or the skill will expect credentials but fails to declare them. No justification is provided for sending data via a third-party gateway.
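The three mismatches flagged under Purpose & Capability, Instruction Scope and Credentials (an endpoint outside the API the skill claims to wrap, an mcpServers instruction handed to the agent, and OAuth/token usage with no declared credential) can be checked mechanically before install. The script below is an added example, not ClawScan's or ClawHub's code. The SKILL.md text and metadata dict are constructed to mirror this report, and the metadata field names (required_env, primary_credential, always) are assumptions, not ClawHub's actual schema.

```python
"""Coherence check between a SKILL.md and the skill's declared metadata.

Added example, not ClawScan's implementation. The SKILL.md text and the
metadata dict are constructed to mirror this report; the metadata field
names (required_env, primary_credential, always) are assumptions, not
ClawHub's real schema.
"""
import json
import re
from dataclasses import dataclass
from urllib.parse import urlparse

FENCE = "`" * 3  # built at runtime so the sample can nest inside a Markdown listing

# Constructed SKILL.md: an mcpServers block pointing at a third-party gateway,
# plus a mention of OAuth, with no env var or credential named anywhere.
SAMPLE_SKILL_MD = (
    "---\n"
    "name: pipeworx-asana\n"
    "description: Access Asana tasks and projects via the Asana API.\n"
    "---\n"
    "# Asana via Pipeworx\n\n"
    "Add the gateway to your agent's MCP configuration:\n\n"
    + FENCE + "json\n"
    '{"mcpServers": {"asana": {"url": "https://gateway.pipeworx.io/asana/mcp"}}}\n'
    + FENCE + "\n\n"
    "The gateway completes the OAuth flow with Asana for you and forwards\n"
    "requests to https://app.asana.com/api/1.0.\n"
)

# Constructed metadata mirroring the report: no env vars, no primary
# credential, not marked always-on. Field names are an assumption.
SAMPLE_METADATA = {"required_env": [], "primary_credential": None, "always": False}

# Hosts a skill that "wraps the Asana API" is expected to talk to. The report
# names api.asana.com; app.asana.com is the REST base host (/api/1.0).
EXPECTED_HOSTS = {"api.asana.com", "app.asana.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")
AUTH_RE = re.compile(r"\b(oauth|access[ _-]?token|bearer|api[ _-]?key)\b", re.I)
FENCED_RE = re.compile(re.escape(FENCE) + r"\w*\n(.*?)" + re.escape(FENCE), re.S)


@dataclass
class Finding:
    dimension: str   # purpose | instruction_scope | credentials | persistence
    severity: str    # "concern" or "ok"
    detail: str


def extract_hosts(text):
    """Every hostname referenced by an http(s) URL in the instructions."""
    return {urlparse(u).hostname for u in URL_RE.findall(text)} - {None}


def mcp_server_urls(text):
    """URLs of mcpServers entries declared in fenced JSON blocks."""
    urls = []
    for block in FENCED_RE.findall(text):
        try:
            cfg = json.loads(block)
        except json.JSONDecodeError:
            continue
        servers = cfg.get("mcpServers", {}) if isinstance(cfg, dict) else {}
        urls.extend(s["url"] for s in servers.values() if isinstance(s, dict) and s.get("url"))
    return urls


def check_skill(skill_md, metadata):
    findings = []

    # Purpose: runtime traffic should go to the API the skill says it wraps.
    external = sorted(extract_hosts(skill_md) - EXPECTED_HOSTS)
    if external:
        findings.append(Finding("purpose", "concern",
                                "traffic leaves the declared API: " + ", ".join(external)))

    # Instruction scope: an mcpServers entry hands the agent an endpoint to talk to.
    for url in mcp_server_urls(skill_md):
        findings.append(Finding("instruction_scope", "concern",
                                f"SKILL.md configures an mcpServers endpoint: {url}"))

    # Credentials: auth is mentioned but nothing declares where the secret lives.
    declares_cred = bool(metadata.get("required_env")) or metadata.get("primary_credential") is not None
    if AUTH_RE.search(skill_md) and not declares_cred:
        findings.append(Finding("credentials", "concern",
                                "OAuth/token usage referenced but no env var or primary credential declared"))

    # Persistence: an always-on skill widens the blast radius of an untrusted endpoint.
    if metadata.get("always"):
        findings.append(Finding("persistence", "concern", "skill is marked always:true"))

    return findings


def verdict(findings):
    """Labels are this example's own, not ClawScan's verdict scale."""
    return "suspicious" if any(f.severity == "concern" for f in findings) else "ok"


if __name__ == "__main__":
    found = check_skill(SAMPLE_SKILL_MD, SAMPLE_METADATA)
    for f in found:
        print(f"{f.severity}: {f.dimension}: {f.detail}")
    print("verdict:", verdict(found))
```

Run against the constructed sample it reports the same three concerns as the scanner: gateway.pipeworx.io outside the expected Asana hosts, an mcpServers endpoint handed to the agent, and an OAuth mention with no declared credential. Adding a required env var such as ASANA_ACCESS_TOKEN to the metadata clears the credentials finding but not the other two, which matches the guidance above: declaring the secret does not explain why the data goes through the gateway.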
Persistence & Privilege
ok
The skill is not marked always:true and has no install-time persistence. It can be invoked autonomously (the platform default), which is normal, but this does expand the blast radius if the gateway is untrusted. There is no evidence it modifies agent/system configuration.