Roster Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
Before installing, create a private roster repository, inspect the build/publish GitHub Actions workflows, and use a fine-grained GitHub token limited to that repository. Review each generated roster before upload and only use the publish command when you are ready for emails to go out. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured or over-scoped token could allow broader repository access than needed.
The skill needs a GitHub credential that can write repository contents and trigger workflows. That is expected for the stated GitHub publishing purpose, but it is a powerful delegated permission.
`GITHUB_TOKEN` | GitHub PAT with `repo` + `actions:write` ... Contents | Read & Write ... Actions | Write
Use a fine-grained GitHub PAT scoped only to the roster repository, with contents read/write and actions write only, and rotate it regularly.
Running the upload step changes roster data in GitHub.
The script performs authenticated GitHub API writes to create or update roster JSON files. The behavior is scoped to the configured ROSTER_REPO and KW path and validates JSON before pushing.
RESULT=$(curl -s -X PUT ... "https://api.github.com/repos/$REPO/contents/$FILE_PATH" ... -d "$PAYLOAD")
Review the generated roster preview/JSON before confirming upload, and keep the target repository private.
If the user publishes too early, wrong roster information may be emailed to staff.
The publish step dispatches a GitHub Actions workflow that can send emails to all employees, so an incorrect roster can propagate beyond the chat and repository.
"actions/workflows/publish-roster.yml/dispatches" ... "PDF wird gebaut und Emails an alle Mitarbeiter gesendet."
Only run the publish action after explicit approval, and inspect the target repository’s GitHub Actions workflows before production use.
Employee emails, minor status, notes, and schedules will persist in GitHub and may appear in agent context or previews.
The skill stores and retrieves personal employee data that is reused for scheduling decisions.
employees.json containing personal data: Employee first names and email addresses; Minor status (`isMinor`); Weekly hour limits and free-text notes; Weekly roster assignments
Use a private repository, minimize stored personal data, review access to the repo, and audit employee-data changes.
Version inconsistency can make it harder to verify the exact reviewed release.
The version string in the bundled files (1.0.4) differs from the 1.5.0 version shown in claw.json/SKILL.md and the registry metadata. The runnable scripts are present, so this is a provenance consistency note rather than evidence of hidden behavior.
"version": "1.0.4"
Prefer a trusted source and publish consistent package metadata across registry and bundled files.
