Skillv1.0.1

ClawScan security

Haresh Cart Management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 3, 2026, 6:18 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requested actions and runtime instructions are consistent with a cart-management integration that posts to local n8n webhooks, but the instructions are underspecified in places (how to validate product IDs and obtain current cart state) and you should verify webhook placement and authentication before enabling it.
Guidance: This skill looks coherent with its purpose, but it leaves important details unspecified. Before installing: (1) Ensure you actually run n8n at http://localhost:5678 and that the three webhook endpoints exist and are authenticated — otherwise the agent will attempt local HTTP requests that could be abused. (2) Confirm how product_id validation and current-cart checks are implemented (does your n8n workflow perform these checks?), and avoid giving the agent blanket access to external/internal services you don't control. (3) Prefer protecting the webhooks with authentication or a secret token and document expected request/response formats. If you need stronger assurance, run the skill in a sandboxed agent or review/modify the SKILL.md to explicitly call authenticated endpoints and to define where validation and cart-state reads occur.

Purpose & Capability: okName/description claim shopping-cart operations via n8n webhooks and the SKILL.md only references calling local n8n webhook endpoints (http://localhost:5678/webhook/...). No unrelated binaries, env vars, or install steps are requested, so required resources are proportionate to the stated purpose.
Instruction Scope: noteRuntime instructions are limited to extracting product_id/quantity and calling the three localhost webhook endpoints. However, they do not specify how to 'validate product_id exists' or how to 'check current quantity' (e.g., which API or data source to use), which is ambiguous and could lead the agent to probe other services for context. Otherwise the instructions do not direct reading files or exfiltrating data.
Install Mechanism: okInstruction-only skill with no install spec and no code files — nothing is written to disk or downloaded. This is the lowest-risk install profile.
Credentials: okNo environment variables, credentials, or config paths are requested, which is proportionate for a webhook-based cart skill. The use of localhost endpoints means no external credentials are declared, but those endpoints may rely on local n8n auth which is not described.
Persistence & Privilege: okSkill is not always-enabled and does not request persistent privileges or modifications to other skills. Default autonomous invocation is allowed (platform default) but not combined with other concerning flags.