Back to skill
Skillv1.3.2
ClawScan security
Todokan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 26, 2026, 9:50 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared requirements and runtime instructions align with its stated purpose of managing Todokan via MCP; it only asks for a Todokan API key and MCP URL and contains no unexpected installs or filesystem access.
- Guidance
- This skill appears coherent, but review these practical points before installing: 1) Only provide the minimum-scoped API key you need — use a worker (read/comment) key if you don't require create/update/delete. 2) Double-check TODOKAN_MCP_URL to ensure you point to the intended environment (production vs staging). 3) The skill can delete and modify data; the SKILL.md requires confirmation, but you should still be cautious and avoid granting broad keys to automated agents unless you trust the skill. 4) Rotate keys periodically and treat the API key like any secret (don't paste it into chat windows). 5) If you want extra safety, test the skill against a staging key/endpoint first.
Review Dimensions
- Purpose & Capability
- okName/description (manage Todokan via MCP) match the declared env vars (TODOKAN_API_KEY, TODOKAN_MCP_URL) and the SKILL.md focuses on MCP tool calls (list/create/update/delete tasks, boards, documents). Nothing requested appears unrelated to the stated functionality.
- Instruction Scope
- okSKILL.md is an instruction-only runtime spec that confines actions to MCP endpoints and agent-facing operations (list, search, get_events_since, create/update/delete tasks/documents). It does not instruct reading arbitrary host files, unrelated environment variables, or exfiltration to unknown endpoints. Guardrails (confirm before delete, avoid storing secrets) are explicitly present.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only, so nothing will be downloaded or written to disk by an installer. Low installation risk.
- Credentials
- okOnly two env vars are required (API key and MCP URL), which are appropriate and expected for a remote API integration. The SKILL.md references passing the API key via Authorization header — consistent with declared env vars. No unrelated credentials or secret-sounding variables are requested.
- Persistence & Privilege
- noteThe skill can perform full CRUD when pointed at the planner endpoint; however 'always' is false and the SKILL.md requires explicit confirmation for destructive actions. Consider principle of least privilege: if you only need read/comment behavior, use the worker endpoint / a read-only key rather than a planner key.