Helpscout
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real HelpScout integration, but it needs review because it uses HelpScout account credentials and includes ticket-writing behavior that is broader and less clearly scoped than the fetch-only description.
Install only if you are comfortable giving this skill HelpScout API credentials that may read support conversations and add ticket notes. Use the least-privilege HelpScout app credentials available, verify that INBOX_IDS truly limits access, and require explicit human approval before any note or reply is posted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may underestimate that the skill can change HelpScout ticket content, not just read conversations.
The registry-facing description is fetch-only, while SKILL.md describes replying to conversations and the code exports a note-creation write action. This can cause a user to grant credentials expecting a read-only integration.
Description: Fetches messages from specific Helpscout inboxes
Update the registry description and metadata to clearly distinguish read-only fetching from write actions, and document when human confirmation is required.
The agent could add notes to support tickets if invoked with the configured credentials.
The exported createNote capability posts content into HelpScout conversations. That is a business-data mutation, and the artifacts do not show an explicit approval gate before the write.
fetch(`https://api.helpscout.net/v2/conversations/${conversationId}/notes`, { method: 'POST',
Require explicit user confirmation before creating notes or any customer-visible replies, and consider separating read-only and write-enabled credentials.
The skill may not reliably limit conversation fetches to the specific inbox IDs the user configured.
Configured INBOX_IDS appear intended to scope access, but fetchConversations is implemented with a single destructured object parameter, while the call site passes positional arguments. This positional call may fail to apply the intended mailbox filter, making the credential scope ambiguous.
const { inboxIds } = getCredentials(); ... inboxIds.map(inboxId => fetchConversations(inboxId, options))
Fix and test the fetchConversations call signature so every fetch explicitly includes the intended mailbox/inbox filter.
Customer messages may be exposed to the model context, and malicious or irrelevant text in tickets could influence agent behavior if not treated as untrusted data.
HelpScout thread content can include sensitive customer data and untrusted customer-written text that will enter the agent's context.
Embed thread data directly in the response
Avoid fetching unnecessary thread data, redact sensitive customer information when possible, and instruct the agent not to treat ticket text as system instructions.
