Skillv2.0.1

ClawScan security

Venn - Secure Universal MCP (Google Workspace, Jira, GitHub, and more) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 24, 2026, 4:43 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: it only requests a single VENN_API_KEY and its runtime instructions and capabilities match a Venn-based enterprise integration router.
Guidance: This skill appears to do what it says: it uses a single Venn API key to route requests to many enterprise services. Before installing: - Understand what the VENN_API_KEY can access. That one key is a gateway to any connectors already configured in your Venn account — review and limit connected integrations and scopes in Venn before issuing a key. - Prefer using the OpenClaw secrets helper (openclaw secrets configure) or your organization’s secrets manager rather than appending the key to ~/.openclaw/.env or baking it into sandbox images. Keys in plaintext files or images are easy to leak. - If you must put the key in config files or images, use least-privilege keys and plan rotation/revocation. - Audit logs and monitor Venn and OpenClaw activity after enabling the integration (and restrict which agent sandboxes can use the key). If you want a stricter review: provide the omitted parts of SKILL.md (the full workflow execution examples) or evidence that the Venn API key can be scoped (or scoped tokens exist). If the skill had asked for unrelated credentials, embedded external download URLs, or instructed the agent to read host credentials/configs, the assessment would be suspicious.

Review Dimensions

Purpose & Capability: okName/description claim: route/search/execute across many enterprise services via Venn. Declared requirement: VENN_API_KEY (primaryEnv). This aligns — a single Venn API key is the expected credential to let the Venn platform operate on connected tools.
Instruction Scope: noteSKILL.md is an instruction-only integration doc that tells the agent how to call Venn's REST API and how to configure the VENN_API_KEY in OpenClaw. It asks the operator to add the key to ~/.openclaw/.env (or to sandbox/docker env settings) and to restart or reload OpenClaw. Those steps are operationally expected, but storing a long-lived platform API key in a global .env or baking it into sandbox images increases blast radius — the docs advise those exact actions rather than recommending the secrets helper as the safest default.
Install Mechanism: okNo install spec and no code files — instruction-only. Nothing is downloaded or written by the skill itself (beyond telling the operator how to configure OpenClaw). This is the lowest-risk install pattern.
Credentials: noteOnly one required env var (VENN_API_KEY) is declared, which is proportionate to the described functionality. Important caveat: that single key is a gateway credential — granting it to the platform can permit access to many connected enterprise services (Gmail, Jira, GitHub, Salesforce, etc.). The skill doesn't request unrelated credentials, but the Venn key implicitly enables broad access.
Persistence & Privilege: okalways:false and the skill is user-invocable; it does not request permanent/forced inclusion. It does instruct operators to add the key to OpenClaw environment configurations (which will persist across runs) — again expected for API-driven integrations but worth noting for operational security.