ClawHub
Back to skill
v1.0.3

Windsor.ai Analytics

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:01 AM.

Analysis

This is a coherent Windsor.ai analytics connector, but it requires a Windsor API key and can read broad connected business data through an external MCP service.

GuidanceBefore installing, confirm you trust the Windsor.ai MCP endpoint and are comfortable letting the agent query the data sources connected to your Windsor account. Store the API key with restricted permissions, use the narrowest access available, and revoke or rotate the key if you stop using the skill.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Invoke this skill automatically when the user asks questions about: ... Data from any connected advertising, analytics, or CRM platform

The skill permits agent-driven use of the Windsor MCP tool for a broad set of analytics questions. This matches the purpose, but users should understand that a broad analytics request may trigger queries across connected services.

User impactThe agent may query connected Windsor.ai data sources when a user asks relevant analytics questions.
RecommendationUse specific source names, metrics, and date ranges when possible, and avoid broad all-source requests unless that is intended.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage for the skill, even though the skill configures a credentialed external MCP connection.

User impactIt is harder to verify who maintains this skill entry before trusting its setup instructions.
RecommendationConfirm the MCP endpoint and setup instructions against Windsor.ai’s official documentation before adding your API key.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
"headers": { "Authorization": "Bearer ${WINDSOR_API_KEY}" }

The skill uses a Windsor API key as a bearer credential for the MCP server. This is expected for Windsor.ai access, but it is sensitive account authority.

User impactAnyone or any agent using this configuration can query data available to that Windsor.ai API key.
RecommendationUse a key with the least access practical, store it with restricted permissions, and revoke or rotate it when no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
"baseUrl": "https://mcp.windsor.ai/sse" ... "Windsor MCP translates your questions into structured data queries against your connected sources."

The skill routes natural-language analytics requests and results through an external Windsor.ai MCP endpoint. This provider boundary is disclosed and aligned with the skill’s purpose.

User impactBusiness questions and returned marketing, CRM, analytics, or e-commerce data may flow through Windsor.ai’s MCP service.
RecommendationInstall only if your organization permits Windsor.ai to process the connected data, and avoid querying data that should not be shared with that provider.