t0cksn1per
Review
Audited by ClawScan on May 15, 2026.
Overview
The skill’s purpose is clear, but it tells the agent to run an unpinned external CLI that was not included for review and can drive browser automation for unattended reservation watching.
Before installing or invoking this skill, verify the external `t0cksn1per` package and prefer a pinned, trusted version. Review the generated command before it runs, start with visible browser mode, and only use CDP with the temporary Chrome profile documented by the skill.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or invoking the skill may download and execute code whose behavior was not visible in the submitted artifacts.
The skill runs an external package through `uvx`, while the registry metadata says the source is unknown, there is no homepage, no install spec, and no code files were included for review. The package version/source is not pinned in the command.
Run with:
```bash
uvx t0cksn1per --help
```
Only run this after independently verifying the `t0cksn1per` package source and version; prefer a pinned version or reviewed local install.
The agent may run a local or remote command that launches browser automation and performs reservation-watching behavior.
The skill directly instructs the agent to execute a generated local command. This is aligned with the stated purpose, but it means user-provided reservation parameters lead to real command execution.
Then produce one command and run it.
Review the exact generated command before allowing it to run, especially options such as target node, dates, times, and browser mode.
A headless run could continue polling without a visible browser, making it easier to miss what the automation is doing.
The examples include headless Playwright execution for unattended polling. Browser automation is expected for this skill, but it can interact with the reservation service on the user's behalf.
PLAYWRIGHT_HEADLESS=1 uvx t0cksn1per run taneda
Use headed/local mode for first runs, confirm the command parameters, and stop unattended jobs when they are no longer needed.
If the user logs into Tock or other sites in that CDP-controlled browser profile, the automation can operate within that session.
CDP mode opens a local Chrome debugging endpoint so the CLI can control that browser. The documented temporary user-data directory helps scope the profile, but any login/session in that browser is exposed to the automation.
--remote-debugging-port=9222 \
  --user-data-dir=/tmp/tocksn1per-cdp
Use the temporary profile shown in the documentation, avoid exposing unrelated browser sessions, and close Chrome/debugging mode after use.
