Envato Comment → Task → Google Sheet
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple instruction-only skill that turns Envato comments into task JSON, with only minor cautions around untrusted comment text and the optional Google Sheets webhook.
This skill appears safe and purpose-aligned for converting Envato comments into task rows. Before installing, make sure you review generated JSON before it is posted automatically, and secure any Google Apps Script webhook or Google Sheet used to store the results.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A hostile comment could cause an inaccurate or malformed task row if the output is trusted automatically.
The skill inserts external marketplace comment text into the model prompt. A malicious or confusing comment could try to influence the generated JSON, though the skill is output-only and the rules follow the comment.
Comment:
{{comment_text}}
Rules:Treat comment text as untrusted data, validate the JSON before appending it to a sheet, and consider adding an explicit instruction to ignore commands or instructions inside the comment.
Product information and comment text may be stored in Google Sheets or exposed to anyone who can access the webhook or sheet.
The workflow expects data to be sent to a Google Apps Script webhook. This is disclosed and purpose-aligned, but the endpoint and access controls are left to the user.
Send skill JSON output via POST request to Apps Script endpoint.
Use only a Google Apps Script endpoint you control, restrict access where possible, and avoid sending sensitive customer information unless needed.