Package Delivery Coordinator
PassAudited by ClawScan on May 12, 2026.
Overview
No concerning behavior is evidenced; this is a prompt-only delivery-planning skill, with only minor caution around sharing pickup, gate, or helper-message details.
This appears safe for normal use as a prompt-only package coordination aid. Before installing or invoking it, be careful not to provide unnecessary access codes, tracking-account credentials, or private schedule details, and review any generated message before sending it. The supplied SKILL.md excerpt is truncated, so this assessment is based on the visible instructions plus the provided metadata and acceptance file.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user provides or forwards too much detail, a pickup code, gate access detail, or availability schedule could expose package or building access information.
The workflow can involve pickup codes or building access details. That is purpose-aligned for package coordination, and the skill also warns not to broadly share access codes, but users should treat these details as sensitive.
Signature requirement, ID requirement, or pickup code, if any... Building rules: package room hours, desk procedures, gate access, or pickup limits.
Provide only the minimum details needed, avoid sharing full codes unless necessary, and review any generated message before sending it to a helper or front desk.
If connected to a messaging tool, the agent could contact neighbors, front desk staff, or others after explicit authorization.
The skill is mainly draft-only, but it acknowledges that messages could be sent if the user explicitly authorizes an approved channel. This is controlled and purpose-aligned, but outbound contact should remain user-reviewed.
Draft messages the user can copy, edit, and send. Do not send messages yourself unless explicitly instructed by the main user through an approved channel and policy permits it.
Keep messages as drafts by default; only authorize sending after checking the recipient, wording, and any sensitive delivery details.