Skill v1.0.0

ClawScan security

Instacart · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 12:34 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with an Instacart integration: it only asks for an Instacart API key, documents REST/MCP usage, and uses local caching; nothing requested appears unrelated to its stated purpose.
Guidance
This skill appears coherent for building Instacart pages and lists. Before installing: confirm you are comfortable the agent can write non-secret files to ~/instacart/ (memory, caches, incidents); ensure jq is available for smoke tests; provide the INSTACART_API_KEY via your environment or secret manager (do not paste it into chat); test against the development host first and avoid using production keys until Instacart approval is confirmed. If you want stricter limits, restrict the skill's filesystem permissions or disable its ability to persist memory on your platform.
Findings
[no-code-files-to-scan] expected: The regex scanner had no code files to analyze because this is an instruction-only skill composed of documentation and playbooks; absence of findings is expected for this format.

Review Dimensions

Purpose & Capability
ok: Name/description match the requested auth (INSTACART_API_KEY), required tool (jq for JSON smoke tests), and targets (Developer Platform REST, MCP, Connect). No unrelated credentials, binaries, or unexpected services are requested.
Instruction Scope
note: Instructions are comprehensive and limited to Instacart integration tasks (curl examples, MCP inspector, payload canonicalization, retailer lookup). They also recommend storing memory and caches under ~/instacart/ (activation rules, url-cache, incidents). This persistent storage is in-scope for an integration helper but is something to be aware of because it implies the agent will write non-secret state to disk.
Install Mechanism
ok: No install spec or third-party downloads; the skill is instruction-only and relies on existing binaries (jq). This lowers risk, as nothing arbitrary is written or executed by an installer.
Credentials
ok: Only a single environment secret is required (INSTACART_API_KEY), and it is the declared primary credential. The docs explicitly instruct not to paste keys into chat and to use env vars/secret managers. No unrelated secrets or credentials are requested.
Persistence & Privilege
note: The skill expects to maintain local notes and caches in ~/instacart/ and to update memory on use. always:false (not force-included). This persistence is reasonable for the described functionality but means the agent will create and update files in the user's home directory (non-secret state).