Skill v1.0.0

ClawScan security

Morning Briefing Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 14, 2026, 6:52 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions expect many external credentials and local config edits (calendar, email OAuth, Telegram .env, Oura, task managers, etc.) but the published metadata declares no required environment variables or config paths — this mismatch is concerning and should be clarified before installing.
Guidance
Before installing, get clarity from the publisher about exactly which credentials and files the skill will access and how they are stored. Specific checks:
(1) Ask for a concrete list of required env variables (Telegram bot token, Google OAuth client/refresh tokens, Gmail OAuth, OpenWeatherMap key, Oura token, Asana/Todoist tokens, etc.).
(2) Confirm whether the skill will read or write TOOLS.md, HEARTBEAT.md, or .env and what contents it will change; avoid storing secrets in plain .env files if possible.
(3) Prefer OAuth flows that store refresh tokens securely and limit scopes to least privilege (read-only calendar and email filters).
(4) For delivery channels (Telegram/WhatsApp/Slack), verify the destination is under your control and that messages do not leak other users' private data.
(5) Test first with a throwaway account and minimal permissions.
(6) If the publisher cannot provide a clear list of required credentials and a privacy design, treat the metadata omission as a red flag and avoid installing.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (aggregating weather, calendar, email, tasks, health, news and delivering via messaging) legitimately requires many third-party integrations and credentials. However, the registry metadata declares no required environment variables, primary credential, or config paths, which is inconsistent with the integrations described in SKILL.md.
Instruction Scope
concern: SKILL.md explicitly instructs the agent to access OAuth calendars and email, read/write user preferences in TOOLS.md or HEARTBEAT.md, check a .env bot token, create cron jobs, and deliver messages to external services (Telegram/WhatsApp/Slack/email). Those steps require access to local files and many credentials, but the skill does not declare or limit that access in metadata; the instructions also include team briefings (accessing multiple people's calendars), which widens scope.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no bundled code. That lowers installation risk because nothing is downloaded or written by a packaged installer. The risk arises from the runtime instructions rather than an installer.
Credentials
concern: SKILL.md references many secrets and tokens (Google/Apple/Outlook OAuth for calendars, Gmail OAuth, Telegram bot token in .env, OpenWeatherMap API key, Oura health token, Asana/Todoist/Notion/Linear/GitHub tokens). Yet the registry lists no required env vars or primary credential. This mismatch suggests either a metadata omission or that the skill will ask the agent/user to supply sensitive tokens at runtime; both merit caution.
Persistence & Privilege
note: The skill is not always-enabled (always: false). It suggests creating cron jobs and sending automated messages (Telegram), which is a normal capability for an automation skill, but the potential to send data externally combined with the large set of integrations increases the blast radius if credentials are misused. No evidence that it requests persistent system-wide privileges beyond cron and editing user config files.