v1.1.0

Kaiten

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:17 AM.

Analysis

This looks like a legitimate Kaiten integration, but it can use your Kaiten token to change or delete project-board data, so it should be reviewed before installation.

Guidance: Install only if you want the agent to manage real Kaiten project data. Use a scoped token if available, protect the secrets file, review the saved default board/space state, and require explicit confirmation before destructive actions such as deleting cards, removing members, or moving important work items.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/kaiten.sh
update-card) ... _patch "/cards/$1" "$2" ... delete-card) ... _del "/cards/$1"

The helper implements direct mutation and deletion of Kaiten cards using the user's API token, with no artifact-backed confirmation gate or rollback guidance.

User impact: If invoked incorrectly, the agent could update, move, or delete real project-management data in the user's Kaiten workspace.
Recommendation: Use a least-privilege Kaiten token where possible, verify card IDs and targets carefully, and require explicit user confirmation before delete, membership, move, or other destructive changes.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Required env vars: none ... Primary credential: none

The registry metadata under-declares runtime requirements even though the skill instructions and script require KAITEN_TOKEN, KAITEN_DOMAIN, bash, curl, and python3.

User impact: Users relying only on registry metadata may not realize the skill needs a sensitive API token and local command dependencies.
Recommendation: Review the SKILL.md and README setup instructions before installation, and ensure the registry metadata is corrected to declare the token, domain, and helper-command requirements.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/kaiten.sh
AUTH="Authorization: Bearer ${KAITEN_TOKEN}"

The skill uses a bearer API token to act against the Kaiten account; this is expected for the integration but grants delegated account authority.

User impact: The agent can access or modify Kaiten data according to the permissions of the configured token.
Recommendation: Store the token securely, avoid overly broad or admin tokens if not needed, and rotate the token if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
State file: `SKILL_DIR/scripts/kaiten-state.json` ... When creating a card without explicit board → use `default_board_id`, fall back to `last_board_id`

The skill stores persistent board context and reuses it for future operations, which is useful but can affect where later cards are created.

User impact: A future request that omits a board may be applied to a previously remembered board rather than the one the user intended.
Recommendation: Check the saved state before ambiguous write operations and reset or update defaults when switching projects or workspaces.