v1.2.2

Limesurvey Openclaw Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:13 AM.

Analysis

This appears to be a legitimate LimeSurvey automation skill, but it gives an agent broad powers to change or delete survey data and email participants, so it should be reviewed before installation.

Guidance: Install only if you are comfortable giving the agent LimeSurvey API access. Use a dedicated least-privilege service account, avoid admin credentials, require human approval for delete/update/import and invitation/reminder actions, and treat exported responses, participant lists, tokens, and statistics as potentially sensitive data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
references/api_reference.md
### delete_survey(session_key, survey_id)

Permanently delete a survey.
...
### delete_response(session_key, survey_id, response_id)

Delete a response.

The skill documents destructive LimeSurvey operations that can remove surveys or response data, but the artifacts do not show confirmation, backup, rollback, or approval requirements before those operations are used.

User impact: A mistaken or autonomous action could permanently remove important survey or response data from the LimeSurvey instance.
Recommendation: Use a least-privilege account that cannot delete production surveys unless required, and require explicit human confirmation or backups before any delete/update/import operation.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/limesurvey.py
p_invite.add_argument('--token-ids', help='Comma-separated token IDs (default: all)') ... client.call('invite_participants', client.session_key, args.survey_id, token_ids)

The invitation command can send emails, and the documented default is all recipients when no token IDs are provided; no dry-run or confirmation is shown.

User impact: An agent or user could unintentionally email all pending survey participants.
Recommendation: Require explicit recipient selection and a confirmation step before sending invitations or reminders, especially in production surveys.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
REQUIRED ENVIRONMENT VARIABLES: LIMESURVEY_URL ... LIMESURVEY_USER, LIMESURVEY_PASSWORD (use least-privilege service account, never full admin credentials).

The skill needs LimeSurvey credentials to perform its intended API operations; this is disclosed and purpose-aligned, but those credentials determine how much survey data and mutation authority the agent receives.

User impact: If configured with an admin or over-privileged account, the agent may be able to read, export, modify, email, or delete more LimeSurvey data than intended.
Recommendation: Configure a dedicated service account with only the survey permissions needed, avoid full admin credentials, and verify LIMESURVEY_URL points to the intended trusted instance.