Skill v1.0.0

ClawScan security

Pipeworx could-have-been-email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 23, 2026, 7:07 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill claims to analyze transcripts but its runtime notes reference an external API that requires an API key which is not declared in the skill metadata; that mismatch and the implied sending of meeting content to gateway.pipeworx.io are concerning.
Guidance
This skill appears to send meeting transcripts to an external service (gateway.pipeworx.io) and mentions an X-API-Key, but the skill metadata doesn't declare any required credentials or explain where the key comes from. Before installing: 1) Ask the publisher for a homepage, privacy policy, and owner identity. 2) Require the skill to declare the exact env var name for the API key and explain key scopes and storage recommendations. 3) Confirm what transcript data is transmitted, how long it is stored, and whether PII will be retained. 4) Avoid sending sensitive meeting content until you verify the service and the API-key handling. Providing those clarifications would move this assessment toward benign; absent them, treat the skill as suspicious.

Review Dimensions

Purpose & Capability
concern: The description says it analyzes meeting transcripts and returns filler-word counts and decisions — that capability plausibly requires calling an external service. However, SKILL.md explicitly states it "requires X-API-Key" and points to an external gateway (gateway.pipeworx.io), while the skill metadata lists no required environment variables or primary credential. The missing API-key declaration is an incoherence.
Instruction Scope
concern: The runtime instructions are minimal but imply sending meeting transcripts to an external MCP endpoint. They do not specify how the X-API-Key is supplied, what data is sent, or any privacy/retention behavior. Any skill that transmits meeting transcripts externally should explicitly document required credentials and data handling; this one does not.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). That minimizes on-disk installation risk — nothing is downloaded or executed locally by the skill itself.
Credentials
concern: SKILL.md states an API key is required (X-API-Key) but the registry entry declares no env vars or primary credential. Requesting an external API key is plausible, but an undisclosed credential requirement is disproportionate and unclear. There's no indication what scopes/permissions that key has or where it should be stored.
Persistence & Privilege
ok: The skill is not always-on and uses default autonomous invocation settings. There's no indication it requests permanent agent changes or elevated system privileges. Note: autonomous invocation combined with an external API (and an API key) increases data-exfiltration risk, but autonomous invocation itself is expected.