Skill v1.1.0

ClawScan security

Agile Observer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 15, 2026, 5:18 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior mostly matches an agile metrics tool for Trello/Jira, but it expects credentials stored in workspace secrets even though the registry metadata declares no required credentials — that mismatch and some ambiguous delivery instructions warrant caution.
Guidance
This skill appears to genuinely implement Trello/Jira metrics, but it expects to read credentials from workspace secrets (trello-credentials.json or jira-credentials.json) even though the registry lists no required credentials. Before installing:

- Verify where and how the agent will access credentials. If you must provide credentials, prefer limited-scope API tokens (not full admin credentials) and rotate them after testing.
- Confirm that workspace secrets access is acceptable — the skill will look for credential files in the workspace secret store. If you don't want the agent to access your primary credentials, create a dedicated read-only account or token for metrics only.
- Ask the skill author (or inspect runtime logs) to confirm that reports and data are only sent to Trello/Jira and your chosen delivery channel — clarify what "primary channel" means and where reports will be posted.
- Because metadata omitted the credential requirement, consider exercising extra caution: run the skill in a controlled environment first, audit network requests, and review any generated outputs before enabling recurring scheduling.

If the author updates the registry metadata to declare the required credentials explicitly (or documents an option to provide credentials via the platform's secure credential fields), my confidence that this is coherent would increase.

Review Dimensions

Purpose & Capability
note: The skill's name/description and the runtime instructions align: it queries Trello and Jira APIs, computes cycle time/throughput/WIP, and generates reports. However, the skill relies on credentials found in workspace secrets (trello-credentials.json / jira-credentials.json) even though the registry metadata lists no required credentials or primary credential — an inconsistency between claimed requirements and runtime needs.
Instruction Scope
ok: SKILL.md instructions stay within the stated purpose: list boards/projects, fetch cards/issues and action histories, classify states, compute metrics, and produce reports. The only external data the instructions say to read are Trello/Jira data and credential files in workspace secrets (which is relevant to the task). There are no instructions to read unrelated system files or to post data to third-party endpoints beyond Trello/Jira.
Install Mechanism
ok: No install spec or code is provided (instruction-only). This minimizes on-disk installation risk because nothing is downloaded or executed beyond what the agent itself performs at runtime.
Credentials
concern: The skill will need API credentials (Trello key/token or Jira instance/email/api_token) to function, and SKILL.md explicitly instructs the agent to look for credential files in workspace secrets. But the registry metadata declares no required env vars or primary credential. That mismatch is concerning because sensitive credentials are needed but not declared by the package metadata. Requesting these credentials is reasonable for the stated purpose, but the omission in metadata reduces transparency.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges. It allows autonomous invocation (platform default), which is expected for skills; nothing here requests persistent system-wide changes or other skills' credentials.