Doorstep
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Doorstep is a clearly described errand-service skill, but it can use account credentials and approve paid real-world tasks, so users should confirm every quote and be careful with sensitive details.
Before installing, decide whether you are comfortable giving an AI assistant access to a Doorstep account for San Francisco errands. Use a unique password or API key, verify the setup method, provide only the personal details needed for the task, and never let the assistant approve a quote unless you have reviewed the final price and task details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the assistant approves the wrong quote or acts on ambiguous consent, the user could be charged and a tasker could be dispatched.
The skill exposes a tool that can authorize payment and trigger a real-world task. The approval requirement is clearly stated, making this purpose-aligned, but it is still a high-impact action.
`approve_task` — "Approve a quoted task and authorize payment. Only call this after the user has seen and agreed to the quote. The card on file is charged the quoted amount."
Require explicit user confirmation of the task, address, final price, and timing before calling `approve_task`.
The assistant may handle an email, password, API key, and account access for the Doorstep service.
The setup flow can create an account and obtain a service API key through the agent. This is expected for the integration, but it involves credentials and delegated account access.
Call the `register` tool with the user's email and a password ... It returns a `DOORSTEP_API_KEY`.
Use a unique generated password, do not reuse an important password, and store or revoke the API key through Doorstep’s dashboard if needed.
Users who choose the npx bridge depend on the npm package named `doorstep` and whatever version is resolved at install/run time.
The documented bridge uses an unpinned npm package fetched through `npx -y`. This is a common setup pattern, but the package contents were not included in the reviewed artifacts.
"command": "npx", "args": ["-y", "doorstep"]
Prefer the documented HTTP/OAuth setup when possible, or verify and pin the npm package version before using the npx bridge.
Sensitive task information could be sent to a webhook URL if one is provided.
The skill supports sending task updates to a webhook. Task updates may contain personal errand details, addresses, or timing information, so the callback destination matters.
`callback_url` (string, optional) — Webhook URL for task update notifications.
Only use callback URLs that the user controls and trusts, preferably HTTPS endpoints, and avoid including unnecessary sensitive details in task descriptions.