Skill v0.1.1

ClawScan security

otta-cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 1:40 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is an instruction-only wrapper that coherently describes using the otta-cli binary to manage time/absence workflows; its requirements and instructions align with that purpose and there is no evidence of unrelated credential access or risky install steps.
Guidance
This skill is an instruction-only helper for the otta-cli binary and looks internally consistent. Before installing: (1) ensure you have the official otta-cli binary from the referenced GitHub repo or other trusted source (the skill itself does not install code), (2) avoid passing plaintext passwords on the command line—use --password-stdin or tokens and CI secret storage, (3) be careful when supplying OTTA_CLI_API_BASE_URL or other env vars: confirm they point to the legitimate otta.fi API to avoid redirecting traffic to an attacker-controlled endpoint, and (4) if you will allow autonomous agent invocation, be mindful that any credentials you provide (username/password or access token) let the CLI act on your Otta account. If you want a stricter review, provide the actual otta-cli release binary/source URL and verification hashes so the binary source can be audited.

Review Dimensions

Purpose & Capability
Status: ok
Name/description and the SKILL.md consistently describe CLI-first automation for otta.fi time-tracking (list/add/update/delete worktimes, absences, calendar/holidays, auth). All environment variables and commands referenced are relevant to operating a CLI that talks to an Otta API.
Instruction Scope
Status: ok
Instructions are narrowly scoped to running the 'otta' binary, validating dates/times, refreshing cached metadata, and handling failures. They do not instruct reading unrelated host files or transmitting data to unexpected endpoints. They explicitly recommend JSON-format output and not printing raw credentials.
Install Mechanism
Status: ok
This is an instruction-only skill with no install spec and no bundled code, so it will not write or execute additional code on disk by itself. The SKILL.md points to the upstream GitHub repo but does not download or run code automatically.
Credentials
Status: note
The SKILL.md documents a number of OTTA_CLI_* environment variables (username, password, tokens, API base URL, user/worktimegroup IDs). These are all reasonable for a CLI that authenticates and operates against an API. Registry metadata lists no required env vars, which is consistent (the variables appear optional depending on usage), but you should be aware that supplying username/password or access tokens grants the CLI access to the user's Otta account—appropriate for the described functionality but sensitive in practice.
Persistence & Privilege
Status: ok
The skill does not request always:true, does not install or persist changes to other skills, and has no privileged persistence behavior. Autonomous invocation is allowed (platform default) but is not combined with unusually broad credentials or presence.