Skill v1.1.0
ClawScan security
Remember The Milk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 12, 2026, 8:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and behavior match its stated purpose: it needs Remember The Milk API credentials, talks only to RTM endpoints, and stores a local RTM token for API operations.
- Guidance: This skill appears to do exactly what it says: manage RTM tasks. Before installing, decide whether to use a dedicated RTM API key/account (so you limit exposure), ensure RTM_API_KEY and RTM_SHARED_SECRET are provided securely via the skill config, and protect or remove the saved token file (~/.rtm_token) (chmod 600, or delete it if you don't want persistent access). Be aware that the auth flow requests 'delete' permission; if you prefer, create a key/account with minimum privileges. If you need higher assurance, inspect the full script yourself; it uses only the standard library and talks only to rememberthemilk.com endpoints.
Review Dimensions
- Purpose & Capability (ok): Name/description, declared env vars (RTM_API_KEY, RTM_SHARED_SECRET), and the included script all target the Remember The Milk API. Required credentials are appropriate for the claimed functionality.
- Instruction Scope (ok): SKILL.md and the script limit actions to RTM flows (auth, list/tasks CRUD). The only filesystem access is reading/writing ~/.rtm_token; network calls go to api.rememberthemilk.com and www.rememberthemilk.com as documented.
- Install Mechanism (ok): Instruction-only skill with one bundled Python script using only the standard library; no download/install steps or external packages are required.
- Credentials (note): The two required env vars are expected for RTM. Note that the saved ~/.rtm_token grants full access to the linked RTM account and the auth flow requests 'delete' permission; the SKILL.md also recommends protecting/removing that file.
- Persistence & Privilege (ok): The skill is not always-enabled, does not alter other skills or system-wide settings, and its persistent artifact is a per-user token file (~/.rtm_token), which is within scope for an API client.
