Subscription Sentinel
Review
Audited by ClawScan on May 18, 2026.
Overview
The skill’s goal is coherent, but it needs sensitive email/account access, stores financial subscription data, and can drive cancellation actions without enough declared boundaries.
Use this skill only if you are comfortable granting an agent access to your email receipts and, optionally, browser-controlled subscription accounts. Do not allow automatic cancellation unless the agent first shows the exact evidence, official website, account, cancellation consequences, and asks for a final confirmation for each service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or invoking the skill may cause the agent to use email-session and browser-account permissions that are not obvious from the registry metadata.
The skill expects access to email sessions and optionally browser-controlled accounts, but the supplied registry requirements declare no primary credential, env vars, config paths, or capability tags. That under-declares sensitive delegated authority.
Your OpenClaw environment must possess the capability to read emails ... configured with Gmail session authorization ... enable the `browser` (web control) capability and grant corresponding authorizations
Treat this as requiring sensitive email and account permissions. Use only with trusted email/browser integrations, and require explicit approval for each account or subscription action.
If the agent infers the wrong service or navigates to the wrong page, it could attempt to cancel a subscription the user did not intend to cancel.
Browser-driven cancellation is a high-impact account and financial mutation. The text requires user permission, but it does not define safeguards such as final confirmation at the cancellation screen, official-domain checks, or limiting action to a specifically selected subscription.
Evaluate the inferred data and act aggressively ... offer a "1-Click Auto-Cancel" option where you autonomously navigate the provider's website to cancel it.
Before any cancellation, require the agent to show the evidence, service, account, official URL, consequences, and ask for a final per-service confirmation.
Financial subscription details could remain in a shared or unexpected workspace, and a modified state file could influence later subscription alerts or cancellation suggestions.
The skill persistently stores inferred billing and subscription facts in the current workspace. The artifacts do not specify retention, deletion, encryption, workspace isolation, or integrity checks against tampering.
All subscription facts must be stored in a file named `subscriptions.json` located in the current workspace directory ... MUST first read ... MUST update ... Overwrite `subscriptions.json` entirely
Store the file in a dedicated private skill directory, ask before saving sensitive data, provide a deletion option, and validate the JSON before trusting it.
Users may have difficulty verifying who published the skill or whether the referenced repository is the intended source.
The homepage is a placeholder, and the registry also lists the source as unknown with no homepage. This is a provenance gap, though the supplied skill is instruction-only and contains no executable code.
metadata: {"openclaw.homepage": "https://github.com/your-username/SubscriptionSentinel"}
Install only from a verified publisher or repository, and avoid cloning placeholder or unverified URLs.
