I'm Pretty Amazing
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill appears to be a disclosed API integration, but it handles account login, can change account content, and may store session tokens in plaintext if the user opts in.
Use this skill only if you are comfortable letting the agent access your I'm Pretty Amazing account. Avoid saving session tokens on shared or synced systems, remove saved tokens when done, and review any public posts, profile changes, deletes, follows, blocks, or comments before they are made.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can log in as the user and perform authenticated actions on the service.
The skill needs the user's account credentials to authenticate with the service. This is expected for the integration, but it gives the agent access to the user's account session.
Before asking for credentials, tell the user: "I'll need your email and password to log in. They'll be sent directly to the I'm Pretty Amazing API and won't be stored."
Only provide credentials if you trust the skill and the service; use a unique password where possible and review account actions before allowing them.
Anyone who can read the saved TOOLS.md entry may be able to reuse the account session while the token is valid.
The skill may persist session tokens in a local/persistent file. It asks for consent and warns about plaintext storage, but those tokens are sensitive until expired or removed.
Want me to save your session tokens so you stay logged in for future requests? They'll be stored in plaintext in TOOLS.md and expire automatically. Decline if others can access your TOOLS.md.
Decline token persistence on shared or synced machines, protect TOOLS.md, and remove saved tokens when no longer needed.
The agent could change the user's account content, visibility, profile, comments, likes, follows, or blocks when asked to use those endpoints.
The documented API includes mutating actions that can create, edit, delete, or publicly affect user content and profile data. These actions are purpose-aligned but impactful.
POST `/wins` | Create a win ... PATCH `/wins/:id` | Update a win ... DELETE `/wins/:id` | Delete a win ... POST `/wins/:id/comments` | Add a comment ... PATCH `/profile` | Update profile
Review the exact action and visibility before posting, deleting, updating profiles, or making social interactions through the skill.