Zendesk
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Zendesk integration, but it uses a Zendesk API token, can change Zendesk tickets/users, and may store credentials locally.
Install only if you trust the agent with Zendesk API access. Use a limited-permission token, confirm ticket/user mutations before they are run, and avoid storing the token in ~/zendesk/memory.md unless the file is protected.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill should understand that the agent can act in Zendesk with the permissions of the supplied API token.
The skill requires Zendesk account credentials and an API token, which are expected for Zendesk API access but give the agent delegated account authority.
You need three things to connect: ... Email ... API Token — From Admin > Channels > API
Use a least-privilege Zendesk API token, rotate it if shared in chat, and revoke it if the skill is no longer needed.
Incorrect or overly broad commands could update multiple support tickets or customer-facing records.
The documented API operations include bulk ticket mutation. This is aligned with Zendesk management, and SKILL.md tells the agent to confirm destructive actions, but the capability can still affect business support records.
Bulk Update
curl -X PUT "$BASE/tickets/update_many.json?ids=1,2,3" ... -d '{"ticket": {"status": "solved"}}'Review ticket IDs, query scopes, public/private comment settings, and bulk actions before approving changes.
A locally stored Zendesk token could be reused in future sessions or exposed if the local file is read by someone else.
The skill recommends storing Zendesk credentials in a persistent local memory file. This is disclosed and purpose-aligned, but the token is sensitive persistent context.
Create `~/zendesk/memory.md` ... ## Credentials subdomain: email: token:
Prefer environment variables or a secure secret manager when possible; restrict file permissions on ~/zendesk/memory.md and avoid storing unnecessary ticket exports.