Skill v1.2.0
ClawScan security
Pine Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 21, 2026, 11:47 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a pine CLI wrapper: it asks you to authenticate with your Pine account and operate the pine CLI; nothing requested is unrelated to that purpose, but it will handle/forward sensitive personal data and save credentials to your home config so you should review and trust the pine CLI before use.
- Guidance: This skill is a thin wrapper around the Pine CLI and will ask you for your Pine account email and the verification code sent to that email, then save credentials to ~/.pine/config.json and send account details (names, account numbers, booking info, etc.) to the Pine service. Before installing/using it: (1) confirm you trust the pine CLI binary or the pip package 'pineai-cli' from PyPI; (2) consider creating a dedicated Pine account for agent-driven interactions if you want to limit exposure of your primary email; (3) do not share highly sensitive secrets (full credit card numbers, passwords) unless you are comfortable with the Pine service handling them; (4) verify the signup URL and service domains (the SKILL.md references 19pine.ai and the registry homepage is pineclaw.com — confirm which is the legitimate Pine provider); and (5) if you want to avoid automatic agent-initiated actions, restrict autonomous invocation or review permissioning before use.
Review Dimensions
- Purpose & Capability (ok): Name/description match the runtime instructions: the SKILL.md drives the pine CLI (requires the 'pine' binary). No unrelated environment variables or binaries are requested. Minor note: the SKILL.md metadata references installing a pip package (pineai-cli) even though the registry lists no install spec; this is a small inconsistency but not evidence of misalignment.
- Instruction Scope (note): Instructions are prescriptive and coherent for a CLI wrapper: always list sessions, authenticate via email+verification code, and use pine send to create/manage sessions. The skill explicitly instructs the agent to request the user's Pine account email and verification code and to read/write ~/.pine/config.json (where credentials are saved). It also routinely collects and forwards user data (account numbers, booking details, etc.) to the Pine service — that is expected but privacy-sensitive.
- Install Mechanism (note): This is an instruction-only skill (no install spec in the registry) so nothing is written to disk by the skill bundle itself. The SKILL.md metadata suggests a pip package (pineai-cli) as the client implementation; installing that would be a standard PyPI operation. No high-risk downloads or obscure URLs are present in the provided content.
- Credentials (note): The skill does not request environment variables or external credentials in the registry, which is proportional. However, it requires the user to provide their Pine account email and verification code (and will save tokens to ~/.pine/config.json). It also encourages supplying potentially sensitive PII (account numbers, billing info, phone numbers) to the Pine service — appropriate for the stated purpose but worth explicit consent from the user.
- Persistence & Privilege (ok): always is false and the skill does not ask for system-wide privileges or to modify other skills. It will create/modify its own config at ~/.pine/config.json during auth, which is expected behavior for a CLI client. Default autonomous invocation is allowed (platform default) and should be considered in policy but is not unusual here.
