Privacy Solution Scorecard

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed API-backed scorecard skill; the main things to watch are that it uses a paid ToolWeb API key and sends organization/vendor evaluation details to ToolWeb.

Install only if you intend to use ToolWeb’s hosted scorecard service. Confirm that the API key, billing plan, and data-sharing terms are acceptable, and avoid sending confidential procurement or compliance details unless approved.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can consume API quota or incur charges whenever the agent invokes it for a scorecard task.

Why it was flagged

The skill mandates use of curl to call the external API for relevant requests. This is central to the skill’s purpose, but users should know it may make billed external calls.

Skill content

**ALWAYS call the ToolWeb API endpoint using curl.** Do NOT answer from your own knowledge.

Recommendation

Use it when you intend to rely on ToolWeb’s paid API, and consider asking the agent to confirm before making a call if cost control matters.

What this means

Anyone with access to the configured key could potentially use the ToolWeb account or consume its quota.

Why it was flagged

The skill requires a provider API key and sends it in the X-API-Key header. This is expected for the ToolWeb integration and is declared in the artifacts.

Skill content

`TOOLWEB_API_KEY` — Get your API key from [portal.toolweb.in](https://portal.toolweb.in)

Recommendation

Store the API key securely, avoid pasting it into chat, and rotate it if it may have been exposed.

What this means

Business evaluation details and privacy-tool selection context may be shared with the third-party API provider.

Why it was flagged

The workflow sends organization name, evaluator name, budget range, regulations, vendor names, scores, and notes to ToolWeb’s external API. This is disclosed and purpose-aligned, but it may include sensitive procurement or compliance context.

Skill content

POST https://portal.toolweb.in/apis/compliance/privacy-scorecard

Recommendation

Do not include confidential details unless you are comfortable sending them to ToolWeb; review the provider’s privacy, retention, and billing terms.