ClawHub
Back to skill
v1.0.0

Inngest

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:31 AM.

Analysis

The skill is coherent for managing Inngest, but it should be reviewed because it uses undeclared Inngest credentials and can send, cancel, or replay background jobs.

GuidanceInstall only if you intend to let the agent use Inngest credentials to inspect and manage workflow runs. Before canceling, replaying, or sending events, confirm the workspace, app, environment, run ID, and payload contents.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
curl -X DELETE ... "https://api.inngest.com/v1/runs/$RUN_ID"

The skill documents a destructive management API operation for canceling a function run, alongside replay and event-sending commands, without explicit confirmation or scoping guidance.

User impactIf invoked on the wrong run or environment, the agent could interrupt production workflows or replay work unexpectedly.
RecommendationRequire explicit user confirmation for cancel, replay, and event-send actions, and instruct the agent to verify run ID, app, workspace, and environment before mutating anything.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The skill has limited provenance information. There is no executable code or install step shown, so this is a provenance note rather than a direct code-supply-chain concern.

User impactUsers have less external information to verify who maintains the skill or whether it matches official Inngest guidance.
RecommendationAdd a homepage or source repository, preferably linking to official Inngest API documentation or maintained skill source.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Requires INNGEST_EVENT_KEY and INNGEST_SIGNING_KEY env vars.

The skill requires account credentials, including a signing key for the management API, while the registry metadata lists no required env vars or primary credential.

User impactA user may install the skill without realizing it needs privileged Inngest credentials that can access and manage workflow runs.
RecommendationDeclare the required credentials in metadata and document the minimum required Inngest permissions or scoping, such as workspace, app, or environment limits.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
curl -X POST "https://inn.gs/e/$INNGEST_EVENT_KEY" ... -d '[{"name":"app/email.sent","data":{"to":"a@example.com"}}]'

The skill sends event payloads, which may contain user or business data, to the external Inngest ingestion endpoint; this is purpose-aligned but should be understood by the user.

User impactEvent data provided to the skill may be transmitted to Inngest as part of normal operation.
RecommendationAvoid sending secrets or unnecessary personal data in event payloads, and confirm the destination workspace before sending events.