Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Doorstep

v1.0.6

Get things done in the real world — pickups, deliveries, errands, and gifts handled by a human tasker. San Francisco only.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required env var (DOORSTEP_API_KEY), and node/npm usage (npx bridge) all align with a service that uses an API and an optional CLI bridge. Requested items are plausible for a real-world errands service.
Instruction Scope
SKILL.md is an instruction-only implementation and stays within the task orchestration scope (create/list/get/approve/cancel tasks, registration options). It also documents programmatic account registration and webhook callback URLs. These are reasonable for the stated purpose, but they require the agent to handle user credentials/API keys and to accept and propagate webhook endpoints, which SKILL.md instructs it to do without any technical enforcement of user consent.
Install Mechanism
No install spec or code files are present; this is instruction-only. That minimizes disk-write risk and matches the declared manifest.
Credentials
Only DOORSTEP_API_KEY is required, which is proportionate. However, the skill exposes an approve_task action that charges the user's card on file; because the skill can be invoked autonomously (platform default), the combination of billing-capable operations and agent autonomy increases risk unless the agent is explicitly configured to require user confirmation before calling approve_task.
Persistence & Privilege
The always flag is false and there is no install step that forces persistent presence. The skill suggests adding an MCP server entry to the agent config (normal). The main concern is that model invocation is enabled by default and the skill includes a financial action; this combination is acceptable for many legitimate skills but requires operator safeguards (explicit confirmation) to avoid unintended charges.
What to consider before installing
This skill is coherent with its stated purpose and only asks for a Doorstep API key and node (for the npx bridge). However, it exposes a built-in approve_task operation that charges the card on file. Before installing:

1) Decide whether you trust the Doorstep service (trydoorstep.app) and its billing behavior.
2) Ensure your agent will always ask you to confirm quotes before calling approve_task (or disable autonomous invocation for this skill).
3) Prefer the HTTP/OAuth browser flow if you don't want to store an API key.
4) Limit who can provide the DOORSTEP_API_KEY and do not store your primary payment credentials in places the skill can access.

If needed, ask the skill author how they prevent accidental approvals and whether reject/confirm hooks are enforced by the MCP client.


latest: vk978m8ggd2wk8m53ye2anyzj5x83xdyn


Runtime requirements

🚪 Clawdis
Bins: node
Env: DOORSTEP_API_KEY
Primary env: DOORSTEP_API_KEY
