Skill v0.1.0
ClawScan security
Show Booking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 15, 2026, 8:58 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (parsing listings, building call queues, creating .ics invites), but it instructs delegation to an external 'tour-booking' sub-agent that likely performs networked voice calls (ElevenLabs) while the skill metadata does not declare or request the corresponding credentials or dependencies; this mismatch warrants caution.
- Guidance: This skill's local scripts (parsing, planning, .ics creation) are coherent and low-risk, but the critical calling step is delegated to an external 'tour-booking' component that is not included and which the references say uses ElevenLabs (voice API). Before installing or running this skill: (1) confirm where 'tour-booking/scripts/place_outbound_call.py' lives and inspect its code and endpoints; (2) don't provide ELEVENLABS_API_KEY or related credentials unless you trust that sub-agent and have audited its behavior; (3) if you need to test, use the documented --dry-run mode so no live calls or external network transmission happens; (4) consider privacy and telemarketing/regulatory obligations before allowing live calls that transmit client PII; (5) request the publisher to update metadata to declare required environment variables and dependencies (so the credential access is explicit). If you cannot verify the external calling component, treat the calling/delegation portion as a potential data-exfiltration risk and avoid enabling live-call execution.
Review Dimensions
- Purpose & Capability (note): The name/description align with the included scripts (parsing intake, building call queues, and producing .ics files). However, the runtime workflow explicitly delegates outbound calling to a separate 'tour-booking' sub-agent (place_outbound_call.py) and the references document mentions ElevenLabs API keys, yet the skill metadata declares no required environment variables or primary credential. That omission is disproportionate to the stated end-to-end calling capability.
- Instruction Scope (concern): SKILL.md tells the agent to run local scripts and to invoke an external sub-agent script for placing outbound calls. The provided code is local and file-based, but the calling step hands off listing metadata, client identity, and callbacks to 'tour-booking', which is not included here. That sub-agent is described as handling ElevenLabs integration (voice calls) and could transmit PII to external services. The instructions therefore implicitly permit network calls and transmission of personal data without declaring those endpoints/credentials.
- Install Mechanism (ok): There is no install spec and the code shipped is small, local Python scripts. Nothing in this package attempts to download or install external binaries; risk from the install mechanism itself is low.
- Credentials (concern): The 'integration-notes' reference requires environment variables for live calls (ELEVENLABS_API_KEY, ELEVENLABS_AGENT_ID, optional ELEVENLABS_OUTBOUND_URL), but the skill's declared requirements list none. A skill that initiates outbound voice calls would legitimately need such credentials; their absence from the metadata is an incoherence that hides the need to supply sensitive keys to enable the full workflow.
- Persistence & Privilege (ok): The skill does not request always:true, system-level config paths, or persistent privileges. It reads/writes local files under paths supplied at runtime (e.g., /tmp or user-provided paths), which is consistent with its described function.
