intercom-conversations
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill coherently performs read-only Intercom conversation lookups, but users should understand it requires an Intercom access token and can return sensitive customer conversation data.
This appears to be a straightforward read-only Intercom conversations skill. Before installing, make sure the agent is allowed to view Intercom support conversations, use a least-privileged read-only token if possible, and consider pinning dependencies for reproducible installs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed with a broad Intercom token, the agent can retrieve conversations available to that token.
The skill authenticates to Intercom using an access token. This is expected for the stated Intercom-read purpose, but it gives the agent delegated access to the Intercom workspace allowed by that token.
tokenAuth: { token: mustEnv("INTERCOM_ACCESS_TOKEN") }
Use the least-privileged Intercom token available, preferably limited to read-only conversation access, and only install where the agent is allowed to view support conversations.
Customer conversation data may be placed into the agent’s working context and could be reused in later reasoning or responses depending on the host environment.
The skill returns full Intercom conversation objects to the calling agent. This is purpose-aligned, but those objects may include customer messages or other sensitive support context.
return { ok: true, action: "conversations.find", conversation: convo };
Avoid using this skill in contexts where customer conversation content should not be visible to the agent, and redact or limit queries when possible.
Installing later may resolve to a newer dependency version than the one originally reviewed.
The skill depends on the Intercom client package using a caret version range. This is a normal purpose-aligned dependency, but future compatible versions could be installed unless a lockfile or pin is used.
"dependencies": { "intercom-client": "^6.0.0" }
Prefer a lockfile or fully pinned dependency version for reproducible installs.
