Skill v1.0.0
ClawScan security
Heleni Meetings · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 4:28 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's steps for finding PAs and creating calendar events expect local files and a 'gog' calendar CLI and calendar credentials, but the package declares no required binaries, env vars, or install steps — those omissions make the behavior incoherent and require clarification before trusting it.
- Guidance: This skill's instructions expect a local PA directory file and the 'gog' calendar CLI plus access to an owner's calendar, but the package metadata doesn't declare those requirements or how authentication is handled. Before installing or enabling it: (1) confirm whether your agent environment actually has the 'gog' tool and how it authenticates (service account, OAuth cached creds, etc.); (2) inspect data/pa-directory.json for PII and ensure you are comfortable that the agent may read it; (3) ask the skill author to declare required binaries/env vars and to provide the missing Section 2 (transcript summarization) if you need it; (4) if you don't want the agent to autonomously create invites or follow up, restrict its permissions or disable autonomous invocation until you understand how it will send messages; and (5) test in a safe account first (no real calendar invites) to confirm behavior. These mismatches explain why the skill is suspicious rather than clearly benign.
Review Dimensions
- Purpose & Capability (concern): The skill claims to coordinate and book meetings and to summarize meeting notes, which is reasonable, but its runtime instructions call the 'gog' CLI and rely on a local data/pa-directory.json and an OWNER email address. The registry metadata declares no required binaries, no env vars, and no install — yet the instructions implicitly require the 'gog' command and authenticated access to an owner's calendar. That mismatch (no declared requirements but clear runtime requirements) is incoherent.
- Instruction Scope (concern): SKILL.md instructs the agent to read data/pa-directory.json (which may contain PII such as phone numbers), list/fetch calendar events and create events via the 'gog' CLI, and perform follow-ups within hours. It also contains hardcoded placeholder OWNER_EMAIL values (owner@company.com) without explaining where credentials or auth come from. The instructions do not specify how outbound communications (email/IM) are sent; they only give templates. Section 2 referenced in the skill description (summaries/actions from transcripts) is not present in the provided SKILL.md content, which is another inconsistency.
- Install Mechanism (ok): There is no install spec and no code files; that lowers risk because nothing in the package will be written to disk by an installer. However, the instructions still expect external tools (gog) to exist in the runtime environment.
- Credentials (concern): The skill declares no required environment variables or primary credential, but the instructions repeatedly use GOG_ACCOUNT and owner email addresses and run commands that require authenticated calendar access. The skill also reads a local pa-directory.json without declaring it. These undeclared secrets/credentials and local file access are disproportionate to the registry metadata and need explicit declaration and justification.
- Persistence & Privilege (ok): The skill does not request always:true or other elevated platform privileges and does not claim to modify other skills. It does instruct autonomous follow-ups (timed follow-up messages within business hours), but the skill's flags are default (user-invocable, model invocation allowed). That is normal, though you should be aware that the agent could autonomously send calendar invites if it has credentials and the platform allows it.
