Skill v1.0.0

ClawScan security

Pipeworx chargebee · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 4:44 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description (Chargebee management) is plausible, but the runtime instructions are incomplete and they reference an external gateway (gateway.pipeworx.io) without declaring any credentials or explaining how authentication or data flow is handled; this mismatch is concerning.
Guidance
This skill claims to manage Chargebee data via a Pipeworx gateway but the runtime instructions are incomplete and do not declare how authentication or data handling is performed. Before installing: verify the operator/maintainer and trustworthiness of https://gateway.pipeworx.io, ask for complete documentation showing where credentials are stored and how requests are authenticated, and confirm what exact customer/invoice data will be transmitted. If you handle sensitive payment or PII data, prefer a skill that explicitly declares required credentials and a clear trust model (or use the official Chargebee integration). Consider disabling autonomous invocation until you can audit a complete spec.

Review Dimensions

Purpose & Capability
note: Name and description claim Chargebee integration via a Pipeworx gateway, which is coherent in principle. However, a skill that manages subscriptions, customers and invoices would normally declare required credentials (a Chargebee API key or some Pipeworx auth) or explain how auth is obtained; this SKILL.md lists no env vars or primary credential, which is unexpected.
Instruction Scope
note: SKILL.md provides only short function summaries and an MCP server URL (https://gateway.pipeworx.io/chargebee/mcp). The instructions do not ask the agent to read unrelated files or secrets, but the content appears truncated and lacks details about request/response formats, auth, or what exact data will be transmitted. The explicit external endpoint means user data (customers/invoices) will be sent to a third-party gateway; that is within the skill's purpose but needs explicit disclosure.
Install Mechanism
ok: No install spec and no code files, so the installation risk is the lowest possible. Nothing will be written to disk by an installer as part of this skill bundle.
Credentials
concern: No environment variables or primary credential are declared even though the skill handles sensitive billing/customer data. The presence of a third-party gateway URL implies authentication and data transfer will happen, but the skill gives no information about where credentials live or whether the gateway is trusted. For a billing integration, at minimum the required credentials and trust model should be explicit.
Persistence & Privilege
ok: The 'always' flag is false and the skill is user-invocable with normal model invocation allowed. Autonomous invocation is permitted by default; combined with the external gateway this increases the importance of understanding what data gets sent, but the skill does not request elevated persistent privileges.