ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zendesk

v1.0.0

Manage Zendesk tickets, users, and support workflows with API integration and automation.

1· 525·3 current·3 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the declared env vars (ZENDESK_SUBDOMAIN, ZENDESK_EMAIL, ZENDESK_TOKEN) and the runtime instructions, which all focus on Zendesk API operations. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions direct the agent to request API credentials, test auth, and store a memory folder at ~/zendesk/ (including memory.md containing credentials and preferences). That is within the skill's purpose, but it explicitly asks the agent to collect and persist API credentials to disk — users should be aware credentials may be saved locally if they follow the setup flow. Documentation variable names are inconsistent in places (e.g., EMAIL/API_TOKEN vs ZENDESK_EMAIL/ZENDESK_TOKEN), which could lead to mistakes.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads, packages, or extra binaries are requested.
Credentials
Only Zendesk-specific environment variables are required (subdomain, email, token). This is proportional to the stated functionality. The skill does suggest persisting credentials in ~/zendesk/memory.md; storing API tokens on disk is a sensitive operation but consistent with the skill's needs.
Persistence & Privilege
The skill creates and uses a local ~/zendesk/ memory folder and may save credentials there. always:false (normal). Writing its own files is expected, but users should be aware of local persistence of credentials and ensure proper file permissions and handling.
Assessment
This skill appears to be what it says: it will use your Zendesk API token/email/subdomain to call Zendesk endpoints and may save credentials to ~/zendesk/memory.md. Before installing or using it: (1) prefer setting credentials as environment variables rather than pasting them in chat; (2) if you must store credentials on disk, restrict permissions on ~/zendesk/ (chmod 700) and avoid committing that folder to version control; (3) use a least-privileged API token/account for automation and rotate the token if it is shared; (4) note the documentation uses inconsistent variable names in places—confirm which env var names the agent expects; (5) test with a non-production Zendesk account if possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fs1ajkbnnyfe4v7kzaz1feh81xrjk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎫 Clawdis
OSLinux · macOS · Windows
EnvZENDESK_SUBDOMAIN, ZENDESK_EMAIL, ZENDESK_TOKEN

Comments