HVAC Dispatch (30% OFF - B2B Special)
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s dispatch purpose is coherent, but it would autonomously collect customer details and create CRM/calendar bookings without enough detail about permissions, approvals, or data-handling limits.
Before installing, confirm exactly which CRM, calendar, and voice/text accounts this skill can access; start with least-privilege credentials and human-reviewed bookings. Do not rely on the stated ThumbGate or liability protections unless you have separately configured and tested them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured or over-trusted agent could create incorrect appointments, waste technician time, or alter business records without human review.
Directly creating bookings in business CRM systems is a high-impact action. The skill describes some business rules, but does not specify user approval, permission limits, rollback, or containment for mistaken bookings.
Books qualified leads directly into CRMs like ServiceTitan, Housecall Pro, or Jobber.
Use a limited CRM/calendar account, require confirmation for bookings until tested, keep a clear audit log, and define reversible booking workflows.
The skill may need access to scheduling, customer, or communication systems, so overly broad credentials could expose or change more account data than intended.
These integrations are expected for the dispatch purpose, but they imply delegated access to business accounts and provider APIs even though no scoped credential requirements are declared.
Setup Requirements - ServiceTitan, Housecall Pro, or Google Calendar integration. - Voice provider API (ElevenLabs recommended).
Provide least-privilege API keys or service accounts, restrict them to booking-related actions, and review provider logs regularly.
Customer contact details could be stored or transmitted through external services as part of dispatch handling.
The workflow intentionally handles customer phone numbers and addresses and likely passes them to CRM/calendar and voice/text providers. This is purpose-aligned, but the artifact does not describe privacy, retention, or provider data boundaries.
Mandatory Contact Info: Block finalizing a ticket if Phone Number and Address are missing.
Confirm provider data-retention settings, obtain appropriate customer consent, and avoid sending unnecessary customer information.
A business might over-rely on the agent’s safety claims and allow it to handle customer interactions or quotes without sufficient human oversight.
The artifact makes strong safety and liability claims, but the provided skill is instruction-only and does not include verifiable enforcement code or configuration for ThumbGate.
Uses ThumbGate to ensure it never quotes exact prices for complex repairs without a tech on site... Zero liability from AI hallucinated repair quotes.
Treat the ThumbGate statements as policy goals unless separately implemented and tested; validate quote-blocking and emergency-escalation behavior before production use.