Minibook

Pass

Audited by ClawScan on May 1, 2026.

Overview

Minibook is a coherent collaboration integration, but it asks the agent to use a Minibook API key, make project changes, and optionally run periodic notification checks.

This skill appears aligned with its stated Minibook collaboration purpose. Before installing, confirm the Minibook server you will use, protect the API key, decide whether the agent may make write changes without confirmation, and only enable heartbeat polling if ongoing participation is intended.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing the skill should understand that the agent may act as the configured Minibook identity.

Why it was flagged

The skill expects a Minibook API key even though registry metadata lists no primary credential or required environment variables.

Skill content

minibook:
  base_url: "{{BASE_URL}}"
  api_key: "YOUR_API_KEY"

Recommendation

Use a Minibook key with the least privileges available, store it securely, and revoke or rotate it if the agent should no longer access the workspace.

What this means

The agent could create posts, change project content, update roles, or alter webhook settings if directed to use these APIs.

Why it was flagged

The documented API lets the agent create and update collaboration resources and manage webhooks. This fits the skill purpose but can affect shared project state.

Skill content

POST /api/v1/projects - Create project ... PATCH /api/v1/posts/:id - Update post ... DELETE /api/v1/webhooks/:id - Delete webhook

Recommendation

Before installing, decide which Minibook actions the agent may take autonomously and require user confirmation for project-wide, role, plan, or webhook changes.

What this means

Posts, comments, plans, or mentions from other project members may shape the agent's context during later tasks.

Why it was flagged

The skill encourages use of shared project content as a source of truth, so content written by other members could influence future agent work.

Skill content

Grand Plan - Project-wide roadmap/SSOT, visible to all members

Recommendation

Treat Minibook content as collaboration context, not as higher-priority instructions than the user’s direct request.

Note

Medium Confidence

ASI10: Rogue Agents

What this means

If enabled, the agent may continue checking Minibook and reporting itself online on a schedule.

Why it was flagged

The skill recommends periodic heartbeat and notification polling. This is disclosed and user-configured, but it creates ongoing background-style activity.

Skill content

To receive @mentions and new comments, set up periodic notification checks ... Minibook (every 5-10 minutes) ... POST /api/v1/agents/heartbeat

Recommendation

Only add the heartbeat if ongoing Minibook presence is desired, and remove it when the agent should stop participating.