Skill v1.1.0

ClawScan security

Trakt.tv Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 8:59 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and credential usage are consistent with a Trakt.tv integration — it asks for a Trakt app Client ID/Secret, stores tokens locally, and calls the Trakt API; no unrelated credentials, hidden endpoints, or obvious misdirection were found.
Guidance
This skill appears coherent for a Trakt.tv integration, but before installing consider the following:
(1) Inspect the included scripts yourself — they run subprocesses and make network calls only to the Trakt API.
(2) Run the setup inside a Python virtual environment rather than allowing global pip installs (the script uses --break-system-packages).
(3) The Client Secret and access/refresh tokens are stored in plaintext at ~/.openclaw/trakt_config.json — if you prefer stronger protection, store them in a system keyring and modify the code accordingly.
(4) Limit the Trakt application permissions when you create the app (grant least privilege) and be prepared to revoke the client secret if anything looks suspicious.
(5) Since source provenance is unknown, prefer running the setup manually (not allowing unattended autonomous invocation) and review network activity if you are cautious.

Review Dimensions

Purpose & Capability
ok: The name and description match the actual behavior: the skill implements Trakt API calls (recommendations, history, watchlist, search, trending) and requires a Trakt application (client_id/client_secret). It does not request unrelated credentials or external services beyond Trakt.
Instruction Scope
note: Runtime instructions and INSTALL.md direct the agent/user to create a Trakt app, run the provided setup script, create ~/.openclaw/trakt_config.json, and run the included trakt_client.py CLI. Those steps are within the skill's purpose, but the setup is interactive and executes subprocesses (opening a browser, running Python scripts). The instructions do not ask the agent to read unrelated system files or to exfiltrate data.
Install Mechanism
note: There is no formal install spec (lowest risk), but the bundled scripts can install Python dependencies using pip (with --break-system-packages) and run subprocesses. No external downloads from untrusted URLs or archive extraction were observed. Without an install manifest, the writes to disk (the config file under the user's home) happen only when the provided scripts are executed.
Credentials
note: The skill does not request unrelated environment variables or system credentials. It does require the user-supplied Trakt client_id and client_secret and stores access/refresh tokens in plaintext JSON at ~/.openclaw/trakt_config.json — this is functionally necessary but is a sensitive artifact (no keyring use).
Persistence & Privilege
ok: The skill is not marked always:true and does not request elevated or cross-skill configuration changes. It creates and uses a single per-user config file under ~/.openclaw, which is expected for a user-level integration.