Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kaiten
v1.1.0
Manage Kaiten.ru project boards via REST API for creating, viewing, updating, moving cards, managing spaces, boards, columns, tags, comments, checklists, and...
⭐ 0 · 108 · 0 current · 0 all-time
by Nikita @nixprosoft
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
The skill's name, description, SKILL.md, README, and the shell script all align: they implement a Kaiten REST API client (listing/creating/updating/moving cards, managing boards, tags, comments, checklists, time logs). The required credentials (KAITEN_TOKEN and KAITEN_DOMAIN) are appropriate for this purpose. However, the registry metadata earlier in the submission lists no required environment variables or primary credential while SKILL.md's metadata block and the script clearly depend on those env vars — this inconsistency is unexpected.
Instruction Scope
Runtime instructions direct the agent (and the user) to source a secrets file at ~/.openclaw/secrets/kaiten.env before any call and to read/write a state file at SKILL_DIR/scripts/kaiten-state.json. The actions (curl to Kaiten API endpoints, reading/writing the skill's own state file) are within the stated purpose, but the SKILL.md references a specific secrets file path that is not declared in the skill registry's config paths. Any instruction that tells the agent to source a specific secrets file should be declared and treated as sensitive.
Install Mechanism
There is no install spec (instruction-only with included helper script). No downloads or archive extraction occur. This is low-risk from an installation perspective; the only files are scripts and docs included in the skill bundle.
Credentials
The code requires two environment values (KAITEN_TOKEN and KAITEN_DOMAIN), which are appropriate and expected. But the skill metadata recorded in the registry claims 'Required env vars: none' while SKILL.md and the helper script require the token and domain. SKILL.md also prescribes sourcing a secrets file at ~/.openclaw/secrets/kaiten.env (a path not declared in the skill's required config paths). This mismatch between declared and actual credential/secret handling is a red flag — users should confirm where and how secrets are provided and stored before enabling the skill.
Persistence & Privilege
The skill does not request permanent/always-on inclusion and can be invoked by the user or autonomously (normal platform default). It writes a local state file (scripts/kaiten-state.json) inside the skill's script directory to store defaults and last-used IDs; this is expected for convenience but means the skill will create and modify a file in its directory. It does not modify other skills' configurations or system-wide settings.
What to consider before installing
This skill appears to implement the Kaiten API correctly, but there is a clear mismatch between the registry metadata (which lists no required env vars) and the SKILL.md + script (which require KAITEN_TOKEN and KAITEN_DOMAIN and instruct sourcing ~/.openclaw/secrets/kaiten.env). Before installing or enabling the skill:
- Verify the skill source and trust the owner (source is unknown and homepage is missing).
- Confirm you are willing to provide a Kaiten bearer token and the company domain; prefer a token with least privilege.
- Ensure the secrets file path (~/.openclaw/secrets/kaiten.env) and its permissions are acceptable; the SKILL.md expects you to store secrets there but the registry did not declare that path.
- Review or run the included scripts in a safe environment (sandbox) to confirm they behave as expected.
- If you plan to allow autonomous invocation, remember the skill can make API calls using the token it finds in environment — consider restricting scope of that token.
If the registry metadata is supposed to include required env vars and secret paths, ask the publisher to correct it; if not, treat the discrepancy as a risk indicator and proceed only after manual verification.
latest · vk97de3r3v0d3jj5n69ev6kjdb584dha5
