Skill v1.0.0
ClawScan security
Starling Bank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 11:22 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to integrate with Starling Bank but its runtime instructions require an npm package, a Starling personal access token, and the mcporter tool even though the registry metadata declares no credentials or required binaries — this mismatch is concerning and warrants caution.
- Guidance: This skill appears to be a legitimate Starling Bank integration, but the runtime instructions and the registry metadata don't match. Before installing or using it: (1) verify the starling-bank-mcp package origin and inspect its source (npm package page / GitHub repo) to ensure it's the expected implementation; (2) confirm you have and trust the mcporter tool the skill expects; (3) do not paste your STARLING_BANK_ACCESS_TOKEN until you verify the package and mcporter invocation; (4) prefer storing sensitive tokens in a secure secrets manager rather than agent memory/config; (5) ask the publisher to update the skill metadata to declare required env vars (STARLING_BANK_ACCESS_TOKEN) and required binaries (mcporter, node/npm) so the declared requirements match the instructions. If you cannot verify the npm package and mcporter behavior, avoid installing or providing credentials.
Review Dimensions
- Purpose & Capability (concern): The name/description match a Starling Bank integration and the SKILL.md describes appropriate API operations. However, the metadata claims no required credentials or binaries while the instructions explicitly require installing the starling-bank-mcp npm package and configuring a STARLING_BANK_ACCESS_TOKEN via mcporter. The omission of these required items from the declared requirements is an inconsistency.
- Instruction Scope (concern): The SKILL.md tells the agent/operator to globally install an npm package (starling-bank-mcp), run mcporter commands, and set STARLING_BANK_ACCESS_TOKEN in mcporter config. It also instructs storing accountUid and categoryUid in 'memory/config' for future use. The instructions therefore involve installing third-party code, providing a sensitive token, and persisting account identifiers — none of which are reflected in the skill's declared requirements. The instructions assume the presence of the mcporter tool but the skill metadata does not declare it.
- Install Mechanism (note): There is no platform install spec; instead the SKILL.md instructs the user to run `npm i -g starling-bank-mcp`. Installing a package from the public npm registry is a common approach but carries moderate risk if the package source is unverified. The skill also relies on mcporter (not declared). Because install happens outside the skill bundle, the registry metadata should still accurately declare required binaries/credentials — which it does not.
- Credentials (concern): The runtime documentation requires a STARLING_BANK_ACCESS_TOKEN (sensitive credential) and instructs setting it in mcporter's environment, but the skill metadata lists no required env vars nor a primary credential. Asking to persist account IDs in memory/config increases the chance of sensitive data being stored. These credential and persistence expectations are disproportionate relative to the declared metadata and should have been explicitly requested/justified.
- Persistence & Privilege (note): `always:false` and model invocation defaults are normal. The SKILL.md's recommendation to 'Store account details in your memory/config for future use' implies persistent storage of account identifiers (and possibly use of the token) across sessions. This is a privacy consideration; the skill does not declare how long or where data should be stored, nor how to remove it.
