Skill v1.0.0

ClawScan security

Check and book Tennis and Pickleball Courts at Bay Club Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 20, 2026, 3:26 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code generally matches its booking purpose, but its declared metadata and runtime instructions omit important credential requirements and there are a few mismatches worth clarifying before use.
Guidance

This skill appears to implement the advertised booking functionality, but there are a few issues to check before installing:

- Credentials: The registry metadata claims no required env vars, yet the code needs BAYCLUB_USERNAME and BAYCLUB_PASSWORD to log into Bay Club. It also optionally uses GOOGLE_CALENDAR_CREDENTIALS (or a local JSON file) and BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID in production. Don't install unless you're prepared to provide those secrets.
- Least privilege for Google: If you enable calendar integration, create a dedicated service account with only the calendar permissions you need (share a single calendar, not your primary account) and avoid giving overly broad access.
- Execution surface: The skill runs TypeScript with npx ts-node (i.e., it executes code included in the skill). Run it in an isolated environment (container or throwaway VM / personal server) until you have reviewed the code fully; this prevents accidental exposure if something unexpected is added.
- Audit dependencies & provenance: package-lock.json includes many dependencies. If you intend to run this on a persistent host, review package.json and the lockfile and consider installing in an environment where you control network access. Also, there is no homepage or official source in the registry metadata; prefer skills with a verifiable source or ask the publisher for the repo.
- Ask for fixes: Request that the skill metadata / SKILL.md be updated to declare the required env vars (BAYCLUB_USERNAME, BAYCLUB_PASSWORD) and to document the optional GOOGLE_* and BROWSERBASE_* variables so users know exactly what will be needed.

If you cannot verify the author or are uncomfortable providing the credentials, do not install it on a system with sensitive data or long-lived credentials.

Review Dimensions

Purpose & Capability
note: The skill's name/description (book Bay Club courts) aligns with the code: Stagehand automation to log in, check availability, book courts, and optionally add events to Google Calendar. However, the package/registry metadata declares no required environment variables while the runtime code expects BAYCLUB_USERNAME and BAYCLUB_PASSWORD (and optionally Google Calendar credentials and Browserbase API keys). That mismatch between declared requirements and actual runtime needs is an incoherence.
Instruction Scope
note: SKILL.md tells the agent to run a local TypeScript script via the shell using npx ts-node, which will execute the included code. The code limits browser actions to bayclubconnect.com and optionally uses a local credential file or environment variables for Google Calendar; it does not appear to read unrelated system files or exfiltrate data to unknown endpoints. Still, SKILL.md does not document the required BAYCLUB credentials or the optional Google service account variables, which is a documentation gap that could lead to confusion or accidental misconfiguration.
Install Mechanism
ok: There is no custom download/install step in the registry spec (instruction-only), and dependencies are typical npm packages declared in package.json/package-lock.json. There are no installs from arbitrary URLs or extract steps. Running npm install (or allowing the platform to install dependencies) is the expected path.
Credentials
concern: The runtime code requires BAYCLUB_USERNAME and BAYCLUB_PASSWORD (used for site login), but the registry metadata lists no required env vars. Optional but significant credentials are supported: GOOGLE_CALENDAR_CREDENTIALS (or a credentials file) for calendar integration and BROWSERBASE_API_KEY / BROWSERBASE_PROJECT_ID for production browser execution. Requesting Google service-account credentials (with 'make changes to events' permission) is reasonable for calendar functionality but should be clearly declared and limited. The undeclared required Bay Club credentials and multiple optional credential hooks are disproportionate to what is stated in the registry metadata/documentation.
Persistence & Privilege
ok: The skill is not force-installed (always: false), does not modify other skills or system-wide settings, and has no special persistence demands beyond reading environment variables and optional local credential files within its own directory.