Skill v1.3.1
ClawScan security
Index Cards · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 12, 2026, 8:33 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are consistent with its stated purpose (designing, printing, and mailing cards); it is instruction-only, asks for sensitive data only with explicit consent, and has no puzzling installs or undeclared credentials.
- Guidance: This skill appears to be what it says: an API-backed card-sending assistant. Before installing or using it, confirm these points with the agent when it runs: (1) it must ask you before reading local contacts, calendars, or conversation history — decline if you don't want that; (2) any saved addresses will be written to ~/indexcards/birthdays.json only with your explicit opt-in — ask how to view/delete that file; (3) recipient names, mailing addresses, and phone numbers will be sent to indexcards.com for printing/shipping — review the posted privacy policy and confirm you are comfortable with that; (4) payments are via Stripe hosted checkout (no card data handled by the skill), so verify checkout links go to Stripe; (5) if you prefer not to allow the agent to act autonomously, avoid granting permission or only invoke it manually. If any of these behaviors are unacceptable, don't enable contact/calendar access or opt-in storage.
Review Dimensions
- Purpose & Capability: ok. The skill description (API-based card service, free registration to obtain a Bearer token, optional local contact storage) matches the runtime instructions in SKILL.md. There are no required environment variables, no unexpected binaries, and the only local file mentioned (~/indexcards/birthdays.json) is explicitly opt-in and used only for contact/address reuse, which is appropriate for a mailing service.
- Instruction Scope: note. The SKILL.md is prescriptive and stays within card-design and mailing workflows. It does instruct the agent to read contacts, calendar, and conversation history when the user explicitly approves — that is appropriate for finding occasions, but 'conversation history' is somewhat broad and should be clearly limited to what the user consents to. The skill also requires collecting recipient names, mailing addresses, and phone numbers (expected for shipping). It states 'Talk before acting' and 'Ask before accessing personal data', which reduces surprise risk.
- Install Mechanism: ok. No install spec and no code files are present (instruction-only). This minimizes risk because nothing is downloaded or written by an installer.
- Credentials: ok. No environment variables or external credentials are required ahead of time. The described runtime auth flow (POST /v1/auth/register to obtain a Bearer token stored in the agent session) is plausible and proportional. The skill will access sensitive personal data (contacts, calendar, recipient addresses, phone numbers) only with explicit user consent; storing addresses in ~/indexcards/birthdays.json is optional and clearly described.
- Persistence & Privilege: ok. always:false (default) and user-invocable:true — normal and appropriate. The skill does not request permanent platform-wide privileges and will only create a local opt-in file for saved recipients. Autonomous invocation is allowed by default but the SKILL.md repeatedly mandates asking the user before acting, which mitigates risk.
