Skill v1.0.5
ClawScan security
taohopdong · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 29, 2026, 3:33 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions expect Google Sheets credentials, the gog CLI, and a local Odoo connector, but the published metadata declares no required env vars or dependencies — the pieces are not internally consistent.
- Guidance: This skill's instructions expect tools and credentials that are not declared in the skill metadata. Before installing or enabling it:
  1. Confirm you have the gog CLI installed and authenticated and set GOG_ACCOUNT as the skill expects.
  2. Verify the spreadsheet ID and sheet gid the skill will write to; the SKILL.md leaves them blank, so set them explicitly to avoid accidental writes.
  3. Inspect the local ~/clawd/skills/odoo-connector code and confirm what Odoo credentials it uses and whether you are comfortable giving it permission to create partners and opportunities.
  4. Test in a sandbox spreadsheet and a non-production Odoo instance first to ensure it doesn't overwrite data.
  5. Ask the skill author to update metadata to declare required env vars (GOG_ACCOUNT, Odoo creds or where they are stored), required binaries, and exact scopes, and to provide instructions for safely installing the odoo-connector.
  If you cannot verify these, treat the skill as potentially risky and avoid granting it write access or enabling autonomous execution.
Review Dimensions
- Purpose & Capability (concern): The skill claims to 'create contracts' by scraping masothue.com and writing to a Google Sheet and Odoo; that purpose is plausible. However, the skill metadata lists no required env vars, credentials, or binaries, while the SKILL.md explicitly requires an authenticated 'gog' CLI (env GOG_ACCOUNT) and a local Odoo connector at ~/clawd/skills/odoo-connector. Those required capabilities are missing from the declared requirements, which is an incoherence.
- Instruction Scope (concern): The runtime instructions direct the agent to use web_fetch to scrape masothue.com, call gog to read/write Google Sheets, and import and call code from a local path to create/update Odoo records (res.partner and crm.lead). That means the skill will read/write remote services and local filesystem paths. The SKILL.md also leaves critical parameters blank (Spreadsheet ID, gid) and assumes robust parsing of scraped HTML. The instructions thus go beyond simple lookups and include write actions to external systems and local code imports; these behaviors should have been declared and constrained.
- Install Mechanism (note): There is no install specification or shipped code (instruction-only), which limits direct disk writes by the skill itself. However, the SKILL.md relies on external tooling (the gog CLI) and a local 'odoo-connector' package. The lack of an install step is low-risk by itself but increases implicit dependency risk (it assumes tools already exist and are configured).
- Credentials (concern): The metadata declares no required environment variables or primary credential, but the instructions require env GOG_ACCOUNT and an authenticated gog CLI, and implicitly require whatever credentials the local odoo-connector uses. Requesting write access to Google Sheets and creating Odoo records is high-impact; these credentials and access scopes should be explicitly declared and justified. The mismatch between declared and required secrets is disproportionate.
- Persistence & Privilege (note): The skill is not marked always:true and has no install step, so it does not force permanent inclusion. However, the instructions perform autonomous write actions (Google Sheets and Odoo) when invoked. Because the agent is allowed to invoke skills autonomously by default, the combination of autonomous invocation plus undocumented credentials/capabilities increases risk; you should not enable autonomous runs until dependencies and scopes are clarified.
