Skill v1.0.17

ClawScan security

AI Marketing + ActiveCampaign · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 4:26 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's required files, env vars, and runtime instructions are consistent with an ActiveCampaign analysis/automation tool; nothing in the bundle appears designed to do something other than its stated purpose, though a few operational choices raise privacy/operational concerns you should review before enabling widely.
Guidance
This skill appears to do what it says: analytics and hygiene scripts for ActiveCampaign. Before installing:
1) Use a dedicated integration user/token in ActiveCampaign (not a personal admin token) and limit that user's permissions where possible.
2) Prefer exporting AC_API_TOKEN in the agent user's shell or the skill's local environment rather than placing it in gateway-global env.vars unless you understand the risk (gateway env makes the token available to all agents).
3) Inspect any file outputs under ~/.activecampaign-skill before sharing them—the skill requires agents to echo absolute file paths emitted by scripts, which can reveal local path structure.
4) Run the initial calibration manually in a controlled environment (python3 scripts/calibrate.py) to validate expected behavior and file writes.
5) Keep the token rotate/revoke process handy in case you need to revoke access.
If you want, I can walk you through a safe install/calibration checklist or show the small set of files the scripts write so you can audit them first.
Findings
[emit_files_trailer] expected: The bundle adds _ac_client.emit_files() and mandates a structured __SKILL_FILES__: [...] trailer be passed back by the agent after scripts write files. This is unusual but consistent with the author wanting deterministic file-path capture for exported reports.
[requires_env_AC_API_TOKEN] expected: The skill requires AC_API_URL and AC_API_TOKEN — exactly what's needed to call ActiveCampaign's v3 API. Requiring the token is proportional to the skill's functionality.

Review Dimensions

Purpose & Capability
Rating: ok
Name/description claim ActiveCampaign analytics and automation diagnostics; the repository contains ~50 scripts that implement exactly those reports and housekeeping tasks. Declared requirements (python3, AC_API_URL, AC_API_TOKEN) match the described v3 API integration and scripts.
Instruction Scope
Rating: note
SKILL.md explicitly instructs the agent to run the included Python scripts and to read/write the skill state at ~/.activecampaign-skill/state.json; that is appropriate for the described capabilities. It also mandates strict 'pass-through' behavior for any file paths the scripts print (human 'Wrote ' lines and a structured __SKILL_FILES__ JSON trailer). That requirement is unusual and increases the chance that absolute local paths and filenames will be echoed back in agent replies (which can leak username/home-directory structure or other path metadata). The scripts themselves appear focused on AC data and not on unrelated system files.
Install Mechanism
Rating: ok
There is no remote download/install step in the skill bundle (no external URLs or extract operations). All code is shipped in the bundle. That lowers install-time supply-chain risk compared to fetching arbitrary archives. The presence of many Python scripts is expected for this capability.
Credentials
Rating: note
The only required environment variables are AC_API_URL and AC_API_TOKEN (primary credential AC_API_TOKEN), which are appropriate for an ActiveCampaign integration. However, INSTALL.md recommends setting these in the OpenClaw gateway config (openclaw config set env.vars...), which makes the token available to any agent launched by that gateway. That operational recommendation increases token blast radius and is a tradeoff the user should weigh (prefer a dedicated integration token or limit scope to the agent's user).
Persistence & Privilege
Rating: note
The skill creates and reads persistent state under ~/.activecampaign-skill (state.json, history.jsonl), which is appropriate for calibration and reporting. It does not request always:true or system-wide privileges. The only notable privilege-related concern is the guidance to place credentials into the OpenClaw gateway env (see environment_proportionality) — doing so elevates the token's availability beyond just manually-invoked CLI runs.