Skill v1.0.0
ClawScan security
OEE CRM Intelligence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 14, 2026, 2:57 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly behaves like a CRM filtering tool, but the package metadata, SKILL.md and code disagree about required credentials and dependencies, and the tool will send contact data to a third-party AI service (Anthropic), so review before installing or supplying keys.
- Guidance: This skill mostly does what it says (two-stage filtering + AI scoring), but there are mismatches you should consider before installing:
  - The SKILL.md and crm_filter.py require ANTHROPIC_API_KEY and the 'anthropic' Python SDK, but the registry metadata did not declare any required env vars or dependencies. Treat that as an omission and verify dependencies yourself.
  - Stage 2 will send contact data (emails, names, sample subjects, exchange counts, timestamps, etc.) to Anthropic. If that data includes personal or confidential information, do not provide a real ANTHROPIC_API_KEY unless you accept sending that data to a third party.
  - The script persists learning.json (rejected_contacts and preferences) in the skill directory; review that file for sensitive content and consider where you want it stored/backed up.
  - The code falls back to skipping AI if the SDK or key is missing, but if you supply the key an agent or the skill can call the external API autonomously (disable-model-invocation is false). If you want to limit risk, run the script locally on sanitized/test data first or use a dedicated, limited-scope API key.

  What would raise or lower my concern: full, non-truncated source (to confirm there are no hidden endpoints), explicit dependency and env var declarations in registry metadata, and a clear privacy note about what data is sent to Anthropic would reduce the ambiguity. Without those, proceed cautiously and assume the AI stage will transmit CRM data to an external service.
Review Dimensions
- Purpose & Capability
  - note: The skill's name/description and code match: it is a 2-stage CRM filter that uses local rules and an AI scoring step. Requiring an ANTHROPIC API key for Stage 2 is coherent with the stated purpose. However, the registry metadata claims no required env vars or dependencies while SKILL.md and crm_filter.py explicitly reference the ANTHROPIC_API_KEY and the 'anthropic' Python SDK — an inconsistency.
- Instruction Scope
  - note: SKILL.md instructs running the included Python script from the skill directory and supplying the ANTHROPIC_API_KEY for Stage 2. The runtime instructions and code read/write learning.json (persisting rejected_contacts) and will send contact fields (email, name, subjects, interaction counts, timestamps, etc.) to the Anthropic API for classification. There are no instructions or code that read unrelated system files or access other credentials, but sending CRM data to a third party is a privacy/consent concern and the user should expect it.
- Install Mechanism
  - ok: This is an instruction-only skill with one Python file and no install spec; nothing is downloaded or installed automatically by the registry. The code will attempt to import the 'anthropic' SDK (and falls back to skipping AI if it is not present). You must manually pip install dependencies if you want Stage 2 to run.
- Credentials
  - concern: Stage 2 requires ANTHROPIC_API_KEY and the anthropic SDK; this is proportionate to doing cloud-based AI scoring. The concern is that the registry metadata does not declare this required env var or dependency, so an agent or user might install/run the skill without realizing that contact data will be sent to a third-party service. The skill will transmit potentially sensitive contact data (emails, names, subjects, interaction counts, timestamps) to Anthropic.
- Persistence & Privilege
  - ok: The skill writes its own learning.json (persisting rejected_contacts) in the skill directory — expected behavior for a learning filter. It is not marked 'always: true' and does not request system-wide privilege or modify other skills' configs.
