ClawHub
Back to skill
v1.0.0

Convert-any-SaaS-application-into-an-Agentic-interface

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:39 AM.

Analysis

This skill is coherent with its stated goal, but it asks the agent to auto-install and run unpinned GitHub tooling with system-package overrides and to steer users toward live deployment, publishing, and database access without clear credential boundaries.

GuidanceReview this skill carefully before installing. Do not let it auto-install the GitHub package or modify system Python packages unless you trust the source and have approved the exact version. Start with test environments and least-privilege credentials, and require explicit confirmation before any deployment, website publishing, database connection, or maintenance setup.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityHighConfidenceHighStatusConcern
SKILL.md
If not installed, auto-install from the repository:
```bash
pip install git+https://github.com/Danielfoojunwei/Convert-any-SaaS-application-into-an-Agentic-interface.git --break-system-packages
```

This directs automatic installation of live GitHub code using an unpinned git URL and a system-package override, while the registry declares no install spec; that creates material supply-chain and local-environment risk.

User impactInstalling the skill could cause the agent to fetch and install unreviewed code and alter the user's Python environment before the user has explicitly reviewed that package.
RecommendationRequire explicit user approval before installation, pin the package to a reviewed version or commit, declare the install requirements in metadata, and avoid `--break-system-packages`.
Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
Operating principle: Never stop at artifact generation. After every step, present the go-live status dashboard and proactively ask what's needed next.

This changes the agent's stopping behavior by steering it toward a full go-live pipeline even after a narrower conversion step. It asks for user direction before the next major step, so this is a notice rather than a standalone concern.

User impactThe agent may keep prompting toward deployment or publication when the user only wanted a conversion artifact.
RecommendationTreat go-live, deployment, publishing, backend connection, and maintenance as separate opt-in steps with clear user confirmation.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
SKILL.md
"deploy the server", "publish discovery files", "connect to my database", "wire up real data", "set up maintenance" ... "Backend connection" ... "Real API/database details"

The skill is designed to use deployment, website-publishing, and database/backend authority, but the metadata lists no primary credential, required env vars, or config paths, and the provided text does not clearly bound scope, reversibility, or credential handling.

User impactAn agent following this skill may request or use access capable of publishing services, connecting to production data, or changing live integrations.
RecommendationUse least-privilege test credentials first, require explicit approval for every deploy/publish/database action, document exact credential scopes, and provide rollback or revocation steps.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
SKILL.md
`proof/` | Grounding evidence: screenshots, DOM snapshots, API response samples ... Read `AGENTS.md` — verify the agent/operator guidance is accurate

The generated bundle can persist website/API content and generated agent guidance. If the source is private or hostile, these artifacts may contain sensitive data or untrusted instructions; the skill does tell the user to review them, making this a note.

User impactPrivate SaaS screens, API samples, or generated instructions could remain in the output directory and later be reused, shared, or published accidentally.
RecommendationUse non-production data where possible, inspect generated files before sharing or publishing, remove secrets and private records, and define retention for generated proof artifacts.