Skill v1.0.0

ClawScan security

Subscription Sentinel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 9:11 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are coherent with its stated purpose (reading receipts, inferring cycles, and storing subscription state), but it requires broad email access and local file read/write; consider privacy and workspace security before enabling it.
Guidance
This skill appears to do what it says — scanning recent receipts, inferring cycles, and storing results locally — but it requires access to your email and will read/write a local file (subscriptions.json). Before installing:
1) Ensure the email integration (AgentMail or similar) you grant is limited to the account and timeframe you want scanned.
2) Keep the skill in a trusted/sandboxed OpenClaw node and confirm where subscriptions.json will be stored; treat that file as sensitive and consider encryption or restricted filesystem permissions.
3) Be cautious granting browser/web-automation permissions: require explicit, per-action consent before any automated cancellation.
4) Review the skill's README and scripts/data_manager.md (present in the package) to confirm file-write behavior; the skill suggests using file I/O or shell exec to write the JSON, so ensure the agent is not allowed to write outside the intended workspace.
5) Because the package source is unknown, prefer running it in a private or sandboxed environment first and audit the agent's actions during initial runs.
If you need higher assurance, request a published source (repository) and author verification before using the skill with real email accounts or production credentials.

Review Dimensions

Purpose & Capability
ok
Name and description match the behavior in SKILL.md: it needs email-reading capabilities to find receipts, infers billing cycles, and offers cancellation paths. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
note
The SKILL.md intentionally instructs the agent to search user email (limited to the last 45 days and specific keywords) and to parse receipt contents. It also directs the agent to read scripts/data_manager.md and to read/write a local subscriptions.json file. These actions are consistent with the purpose but are sensitive (access to the inbox and persistent local storage). The instructions also reference using tools like AgentMail, browser, and web_search if available.
Install Mechanism
ok
Instruction-only skill with no install spec and no code to download or execute. This is low-risk from a code-install perspective.
Credentials
ok
No environment variables, secrets, or external credentials are requested by the skill itself. The only required capability is an email-integration skill (e.g., AgentMail) and optionally a browser automation capability — both are appropriate for the described tasks.
Persistence & Privilege
note
The skill requires persistent local storage in subscriptions.json and explicitly instructs the agent to read and overwrite that file. It does not request always:true or system-wide privileges, but persistent local storage of parsed financial data is sensitive and should be placed in a secure workspace.