Skill v1.2.1
ClawScan security
Handwrytten · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 4:14 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requested environment access line up with its stated purpose (sending physical handwritten notes) and request only the expected Handwrytten API key and Node runtime.
- Guidance: This skill appears to be what it claims: a Node-based MCP wrapper around the Handwrytten API that needs only your HANDWRYTTEN_API_KEY. Before installing, verify that the npm package and repository are the official Handwrytten project (check the npm publisher and the GitHub repo), confirm that the package version you install matches the one you reviewed, and restrict the API key's permissions if the service allows it. Be mindful that sending orders costs money; the SKILL.md correctly instructs the agent to confirm with the user before calling send_order. If you rotate keys or want to limit blast radius, create a dedicated API key for use with assistants rather than reusing a high-privilege or production key. Also note that the package.json in the bundle is version 1.2.0 while the registry metadata lists 1.2.1; verify the exact release you intend to install.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binary (node), primaryEnv (HANDWRYTTEN_API_KEY), and the declared tools all match a service that calls the Handwrytten API to list templates, manage addresses, and place orders. Nothing requested appears unrelated to the skill's purpose.
- Instruction Scope (ok): SKILL.md and the README instruct the agent to list cards and fonts before sending and to confirm with the user before placing orders; the runtime instructions reference only the Handwrytten client and HANDWRYTTEN_API_KEY. There are no instructions to read unrelated files, exfiltrate arbitrary data, or contact unexpected endpoints.
- Install Mechanism (note): Install uses an npm package (@handwrytten/mcp-server), which is expected for a Node-based MCP server. An npm install carries moderate supply-chain risk compared with an instruction-only skill: the code that runs is whatever the registry serves at install time, so verify the package's publisher, repository, and exact version before installing. The bundled package.json points to the Handwrytten GitHub repo and depends on the official 'handwrytten' SDK and the MCP SDK, which is consistent with the stated purpose.
- Credentials (ok): Only a single environment variable (HANDWRYTTEN_API_KEY) is required, and it is declared as the primary credential. That is proportionate to a service that needs to authenticate to the Handwrytten API.
- Persistence & Privilege (ok): The skill's always flag is false, and the skill does not request system-wide config changes or other skills' credentials. It runs as a normal MCP server and requires only the expected permission to call the Handwrytten API.
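The Guidance and the Install Mechanism note both ask the installer to confirm the package's publisher, repository, and version before running npm install, and they flag a concrete discrepancy (bundled package.json 1.2.0 versus registry 1.2.1). The following is an added example of that pre-install check, written for this page; it is not ClawHub's scanner code and not Handwrytten's code. It compares a skill bundle's package.json against the registry manifest you would obtain with `npm view @handwrytten/mcp-server --json` and lists every mismatch. Both JSON documents below are constructed to mirror the page's finding; the repository URL, publisher name, and integrity hash are placeholders, not verified facts about the real package, and the `_npmUser` field is assumed to be present in the registry manifest (the check falls back to `maintainers` if it is not).

```python
"""Pre-install audit of an npm-distributed MCP skill (added example).

Compares the package.json shipped in the skill bundle with the registry
manifest (the output of `npm view <pkg> --json`) and reports anything a
reviewer should resolve before installing.
"""
import json
import re

# --- constructed sample inputs (placeholders, not real registry data) ---
BUNDLE_PACKAGE_JSON = json.dumps({
    "name": "@handwrytten/mcp-server",
    "version": "1.2.0",   # what the bundle says (matches the page's finding)
    "repository": {"type": "git",
                   "url": "git+https://github.com/example-org/handwrytten-mcp-server.git"},
})

REGISTRY_VIEW_JSON = json.dumps({
    "name": "@handwrytten/mcp-server",
    "version": "1.2.1",   # what the registry serves (matches the page's finding)
    "dist-tags": {"latest": "1.2.1"},
    "repository": {"type": "git",
                   "url": "https://github.com/example-org/handwrytten-mcp-server"},
    "maintainers": [{"name": "example-publisher", "email": "dev@example.org"}],
    "_npmUser": {"name": "example-publisher"},            # assumed field
    "dist": {"integrity": "sha512-PLACEHOLDERINTEGRITYVALUE==",
             "tarball": "https://registry.npmjs.org/@handwrytten/mcp-server/-/mcp-server-1.2.1.tgz"},
})

EXPECTED_REPO = "https://github.com/example-org/handwrytten-mcp-server"  # placeholder
EXPECTED_PUBLISHER = "example-publisher"                                 # placeholder


def normalize_repo_url(url: str) -> str:
    """Reduce the many spellings of a git URL to host/owner/repo."""
    url = url.strip().lower()
    url = re.sub(r"^git\+", "", url)
    url = re.sub(r"^(https?://|git://|ssh://git@|git@)", "", url)
    if url.startswith("github.com:"):          # scp-style git@github.com:owner/repo
        url = url.replace(":", "/", 1)
    return re.sub(r"\.git$", "", url).rstrip("/")


def repo_of(manifest: dict) -> str:
    """package.json allows repository as a string or an object with a url."""
    repo = manifest.get("repository", "")
    if isinstance(repo, dict):
        repo = repo.get("url", "")
    return normalize_repo_url(repo)


def audit_npm_package(bundle_json: str, registry_json: str,
                      expected_repo: str, expected_publisher: str) -> list[str]:
    """Return a list of findings; an empty list means the bundle matches the registry."""
    bundle, reg = json.loads(bundle_json), json.loads(registry_json)
    findings = []

    if bundle.get("name") != reg.get("name"):
        findings.append(f"name mismatch: bundle {bundle.get('name')!r} vs registry {reg.get('name')!r}")

    bundle_ver, reg_ver = bundle.get("version"), reg.get("version")
    latest = reg.get("dist-tags", {}).get("latest")
    if bundle_ver != reg_ver:
        findings.append(f"version mismatch: bundled package.json says {bundle_ver}, "
                        f"registry manifest is {reg_ver}; install an exact pinned version")
    if latest and reg_ver != latest:
        findings.append(f"registry manifest {reg_ver} is not the 'latest' tag ({latest})")

    want = normalize_repo_url(expected_repo)
    for label, manifest in (("bundle", bundle), ("registry", reg)):
        if repo_of(manifest) != want:
            findings.append(f"{label} repository {repo_of(manifest)!r} != expected {want!r}")

    # Publisher identity: maintainers always present; _npmUser assumed when available.
    publishers = {m.get("name") for m in reg.get("maintainers", []) if m.get("name")}
    if reg.get("_npmUser", {}).get("name"):
        publishers.add(reg["_npmUser"]["name"])
    if expected_publisher not in publishers:
        findings.append(f"expected publisher {expected_publisher!r} not among {sorted(publishers)}")

    # Without a sha512 integrity value you cannot pin the tarball in a lockfile.
    if not reg.get("dist", {}).get("integrity", "").startswith("sha512-"):
        findings.append("registry dist.integrity missing or not sha512")

    return findings


if __name__ == "__main__":
    for finding in audit_npm_package(BUNDLE_PACKAGE_JSON, REGISTRY_VIEW_JSON,
                                     EXPECTED_REPO, EXPECTED_PUBLISHER):
        print("FINDING:", finding)
```

Run against the constructed inputs, the audit reports exactly one finding, the 1.2.0 versus 1.2.1 version mismatch the page describes; resolving it means installing the exact reviewed version (for example with `npm install @handwrytten/mcp-server@1.2.1`) rather than a floating tag, and re-reviewing if the registry manifest has moved on.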
