Skill v1.0.8
ClawScan security
Clawcrm · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 7:58 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with an agent-facing CRM: it asks for a single service API key and instructs the agent to call that service's HTTP endpoints to create leads, run enrichment, and send emails — there is no unrelated install or credential access — but you should review privacy, provenance, and automated-email risks before enabling it.
- Guidance: This skill appears coherent for an agent-driven CRM, but review these before installing:
  1. Data privacy: the skill will send personal data (names, emails, company info) to readycrm.netlify.app/ClawCRM for enrichment and email sending — ensure this is acceptable under your privacy and compliance policies.
  2. API key scope and rotation: use a scoped API key, not a high-privilege org-wide secret; be ready to rotate or revoke it.
  3. Automated emailing: the agent can send email sequences — confirm consent, opt-out handling, and spam/CAN-SPAM compliance.
  4. Provenance: there is a branding/repository mismatch (skill named ClawCRM but metadata/repo reference ReadyCRM/Protosome-Inc and endpoints on readycrm.netlify.app); verify the vendor, homepage, and service ownership match your expectations before handing over credentials.
  5. Test on non-production data first and monitor outbound activity.

  Finally, note there was no code to scan, so the SKILL.md is the only runtime surface — read it and confirm you're comfortable with the described network calls and automation behavior.
Review Dimensions
- Purpose & Capability (ok): The name/description (agent-native CRM) matches the runtime instructions: all examples are HTTP calls to the ReadyCRM/ClawCRM API for lead creation, enrichment, tracking, and email sequences. The declared primary env var (CLAWCRM_API_KEY) is the only credential required and is appropriate for a hosted CRM. Minor note: the SKILL metadata and endpoints reference 'ReadyCRM' and readycrm.netlify.app while the skill is named 'ClawCRM' and homepage is clawcrm.ai — a branding/repository mismatch to verify with the vendor.
- Instruction Scope (note): All runtime instructions are explicit curl requests to the third-party CRM API for creating leads, enrichment, and sending emails. These actions necessarily transmit PII (names, emails, company data) to that external service and instruct the agent to perform fully automated workflows ('Zero human clicks required'). The guidance does not instruct reading local files, other env vars, or system state. This scope is expected for a CRM, but you should be aware it automates sending personal data and outbound email sequences.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. That is the lowest-risk install model because nothing is written to disk by the skill itself. The static scanner had no files to analyze beyond SKILL.md/_meta.json.
- Credentials (ok): Only a single API key (CLAWCRM_API_KEY) is required and declared as the primary credential. This is proportionate for a hosted CRM that needs an account token. No unrelated credentials, system paths, or broad secrets are requested.
- Persistence & Privilege (ok): The skill does not request 'always: true' and uses default autonomous invocation (allowed). There is no install script or persistence mechanism in the package that would modify other skills or system settings.
