Skill v0.1.0
ClawScan security
Oura (API v2) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 13, 2026, 7:51 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md match its stated Oura-fetching purpose and require only an Oura personal access token, but the registry metadata lists no required env vars. That inconsistency is a red flag and should be clarified before use.
- Guidance: This skill appears to do only what it claims (fetch Oura data and format it), but verify the metadata mismatch before installing: the SKILL.md and scripts require OURA_ACCESS_TOKEN even though the registry entry lists no required env vars. If you plan to use it, provide only an Oura Personal Access Token with the minimum access it needs, run the scripts in a controlled environment (or container), and inspect where outputs are written. Consider asking the publisher to update the registry metadata to declare OURA_ACCESS_TOKEN explicitly, or refuse installation until that is corrected. If you are uncomfortable providing a PAT, do not install; otherwise rotate the token after testing.
Review Dimensions
- Purpose & Capability (concern): The skill's name, description, SKILL.md, and bundled scripts are coherent: they fetch Oura v2 usercollection endpoints and normalize/render daily JSON. However, the registry metadata claims no required environment variables or primary credential, while both SKILL.md and the code call for OURA_ACCESS_TOKEN. That discrepancy is unexplained.
- Instruction Scope (ok): Runtime instructions are narrow and self-contained: call Oura API endpoints, write a raw bundle to a local file, normalize it to a daily JSON shape, and render a short text/markdown summary. The SKILL.md does not direct reading unrelated files or sending data to unexpected endpoints.
- Install Mechanism (note): There is no install spec (instruction-only), which is lower risk. The repository does include three Python scripts (bundled with the skill) that are executed directly; no external downloads, package installs, or obscure sources are used.
- Credentials (concern): The code legitimately requires a single secret (OURA_ACCESS_TOKEN) and optionally OURA_TZ, which is proportionate to the stated function. The concern is that the registry metadata does not list this required env var, a mismatch that could lead to accidental credential disclosure or confusion about what will actually be requested at runtime.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills or system settings, and only writes data to paths you explicitly provide in the examples (e.g., /tmp). Autonomous invocation is enabled by default (normal); no elevated persistence is requested.
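The mismatch flagged in the Guidance and Credentials items above can be checked mechanically before installing any skill: collect every environment variable the bundled scripts and SKILL.md actually read, then diff that set against what the registry metadata declares. The script below is an added example written for this page; it is not ClawScan's code nor part of the Oura skill. The script file names, the `requiredEnvVars` metadata field, and the file contents are constructed to mirror the situation the review describes (code reads OURA_ACCESS_TOKEN and optionally OURA_TZ, registry declares nothing).

```python
"""Cross-check the env vars a skill's bundled scripts and SKILL.md actually read
against the env vars its registry metadata declares.

Added example, not part of the ClawScan page or the Oura skill. Script names,
the metadata field names and the file contents below are constructed to mirror
the mismatch the review describes.
"""
import json
import re
from typing import Dict, List, Set

# Python-side reads that raise if the variable is absent: treat as required.
REQUIRED_PATTERNS = [
    re.compile(r"""os\.environ\[\s*['"]([A-Z_][A-Z0-9_]*)['"]\s*\]"""),
    re.compile(r"""os\.(?:getenv|environ\.get)\(\s*['"]([A-Z_][A-Z0-9_]*)['"]\s*\)"""),
]
# Reads that supply a default: treat as optional.
OPTIONAL_PATTERNS = [
    re.compile(r"""os\.(?:getenv|environ\.get)\(\s*['"]([A-Z_][A-Z0-9_]*)['"]\s*,"""),
]
# Shell-style references in SKILL.md or other docs: `export NAME=...`, `$NAME`, `${NAME}`.
DOC_PATTERNS = [
    re.compile(r"\bexport\s+([A-Z_][A-Z0-9_]*)="),
    re.compile(r"\$\{?([A-Z_][A-Z0-9_]*)\}?"),
]
# Ambient variables that are not skill configuration.
IGNORED = {"HOME", "PATH", "PWD", "USER", "SHELL", "TMPDIR"}


def scan_env_refs(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Return the env var names the skill references, split by how they are read."""
    refs: Dict[str, Set[str]] = {"required": set(), "optional": set(), "documented": set()}
    for path, text in files.items():
        if path.endswith(".py"):
            for pat in REQUIRED_PATTERNS:
                refs["required"].update(pat.findall(text))
            for pat in OPTIONAL_PATTERNS:
                refs["optional"].update(pat.findall(text))
        else:
            for pat in DOC_PATTERNS:
                refs["documented"].update(pat.findall(text))
    for key in refs:
        refs[key] -= IGNORED
    return refs


def compare_with_registry(metadata: dict, files: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff referenced env vars against the registry's declared list.

    `requiredEnvVars` is an assumed field name; substitute the registry's real one.
    """
    declared = set(metadata.get("requiredEnvVars") or [])
    refs = scan_env_refs(files)
    used = refs["required"] | refs["optional"] | refs["documented"]
    return {
        # Code fails without these, yet the registry does not say so: the page's red flag.
        "undeclared_required": sorted(refs["required"] - declared),
        "undeclared_optional": sorted(refs["optional"] - refs["required"] - declared),
        # Declared but never read: the skill asks for a secret it does not use.
        "declared_but_unused": sorted(declared - used),
        # Mentioned only in docs: worth asking the publisher what they are for.
        "documented_only": sorted(refs["documented"] - refs["required"] - refs["optional"] - declared),
    }


def verdict(report: Dict[str, List[str]]) -> str:
    """Collapse the diff into the install decision the guidance asks for."""
    if report["undeclared_required"]:
        return "refuse until metadata declares: " + ", ".join(report["undeclared_required"])
    if report["undeclared_optional"] or report["declared_but_unused"]:
        return "ask publisher to clarify optional/unused variables"
    return "metadata matches code"


# Constructed inputs mirroring the review: registry declares nothing, code needs a token.
SAMPLE_METADATA = {"name": "oura", "version": "0.1.0", "requiredEnvVars": [], "primaryCredential": None}
SAMPLE_FILES = {
    "SKILL.md": "# Oura\n\nSet your token, then run the fetch script:\n\n    export OURA_ACCESS_TOKEN=<your-token>\n",
    "scripts/fetch_oura.py": 'import os\nTOKEN = os.environ["OURA_ACCESS_TOKEN"]\n',
    "scripts/normalize_daily.py": 'import os\nTZ = os.getenv("OURA_TZ", "UTC")\n',
    "scripts/render_summary.py": "import json\n# renders the daily JSON as markdown; reads no env vars\n",
}

if __name__ == "__main__":
    result = compare_with_registry(SAMPLE_METADATA, SAMPLE_FILES)
    print(json.dumps(result, indent=2))
    print(verdict(result))
```

Run against the constructed skill, the check reports OURA_ACCESS_TOKEN as required-but-undeclared and OURA_TZ as optional-but-undeclared, and the verdict is to refuse until the registry declares the token. Once the metadata lists both variables the same inputs produce "metadata matches code". The regexes cover the common `os.environ` / `os.getenv` forms and shell-style references in docs; a skill that reads the environment indirectly (for example through a config library) would need an extra pattern, which is itself a reason to read the scripts rather than trust the registry entry.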
