tenk-connect

Verdict: Warn. Audited by ClawScan on May 10, 2026.

Overview

This TenK integration mostly does what it says, but the logging path in its shell script builds python3 -c source from unescaped input, so a crafted skill name or query could run arbitrary Python, and through it arbitrary commands, on your computer.

Review carefully before installing. The TenK API access and local token storage are expected for this kind of integration, but the logging script should be fixed to avoid executing crafted input as Python code. If you use it anyway, only log trusted skill names, confirm ambiguous matches, and run logout when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A specially crafted logging request or skill name could cause the assistant to run unintended commands on the user's computer under the user's account.

Why it was flagged

The script builds the python3 -c source string by interpolating values derived from the user request and the API response, instead of passing them as argv or as safely encoded data. A single quote in a skill query or skill name ends the Python string literal, and whatever follows it is parsed and executed as Python; the duration value is likewise spliced in unquoted as a numeric literal.

Skill content
skill_id=$(echo "$skills_resp" | python3 -c "... q = '$skill_query'.lower() ...") ... print(json.dumps({'skillId': '$skill_id', 'duration': $duration_sec, 'notes': sys.argv[1]}))
Recommendation

Do not rely on the logging command until this is fixed. The maintainer should pass skill_query, skill_id, notes and every other dynamic value to Python through sys.argv or as JSON on stdin, validate minutes as a whole number before invoking python3, and never embed untrusted strings in python3 -c source.

What this means

If the assistant matches the wrong skill or misreads the requested minutes, it may add an incorrect practice session to the TenK account.

Why it was flagged

The assistant is instructed to mutate the TenK account by logging sessions based on a fuzzy name match. This is purpose-aligned, but the confirmation happens after the post, not before.

Skill content
Run tenk.sh skills to find the matching skill (fuzzy match on name) ... Run tenk.sh log <partial_name> <minutes> [optional note] ... Confirm with the returned result
Recommendation

Ask the assistant to confirm the exact skill and duration before logging when the request is ambiguous or when multiple skills could match.
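The injection described in the first finding and the ambiguous-match concern in the second, as an added example that is not code from tenk-connect: a deliberately vulnerable lookup that splices the query into python3 -c source, beside a hardened version that passes every dynamic value through argv, refuses to return an id unless exactly one skill matches, and validates minutes before building the log payload. The sample skills response, the function names and the payload shape are assumptions for illustration, not the real TenK API.

```shell
#!/usr/bin/env bash
# Added example, not the tenk-connect script. Assumes python3 is on PATH.
# The skills response below is constructed for illustration; it is not the
# TenK API format.
skills_resp='{"skills":[{"id":"sk_101","name":"Guitar"},{"id":"sk_102","name":"Piano"}]}'

# VULNERABLE (the pattern the finding describes): the query is spliced into
# Python source. A single quote in $1 ends the string literal, and the rest of
# the argument is executed as Python.
lookup_unsafe() {
  local skill_query="$1"
  echo "$skills_resp" | python3 -c "
import json, sys
q = '$skill_query'.lower()
for s in json.load(sys.stdin)['skills']:
    if q in s['name'].lower():
        print(s['id']); break
"
}

# HARDENED: the query travels as argv[1], so Python only ever sees it as data.
# Every match is printed, and the function succeeds only when exactly one skill
# matched, so the caller has to disambiguate before anything is posted.
lookup_safe() {
  local skill_query="$1"
  echo "$skills_resp" | python3 -c '
import json, sys
q = sys.argv[1].lower()
hits = [s["id"] for s in json.load(sys.stdin)["skills"] if q in s["name"].lower()]
print("\n".join(hits))
sys.exit(0 if len(hits) == 1 else 1)
' "$skill_query"
}

# HARDENED payload builder: minutes is checked in the shell before python3 is
# invoked, and skill id, duration and notes all reach Python via argv and are
# serialised with json.dumps, never interpolated into source.
build_log_payload() {
  local skill_id="$1" minutes="$2" notes="$3"
  case "$minutes" in
    ''|*[!0-9]*) echo "minutes must be a whole number" >&2; return 1 ;;
  esac
  python3 -c '
import json, sys
sid, secs, notes = sys.argv[1], int(sys.argv[2]) * 60, sys.argv[3]
print(json.dumps({"skillId": sid, "duration": secs, "notes": notes}))
' "$skill_id" "$minutes" "$notes"
}
```

Calling lookup_unsafe with a query such as `'; print('INJECTED'); q='` prints INJECTED before any skill id, which is the breakout the finding describes. lookup_safe treats the same string as data and simply finds no match, returns non-zero for a query like `a` that matches both sample skills, and build_log_payload rejects a non-numeric minutes value before python3 runs at all.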

What this means

Anyone or anything that can use the saved token while it is valid can access the connected TenK account functions exposed by the script.

Why it was flagged

The skill persists an OAuth token for the user's TenK account and uses it to read identity/progress and log sessions. This is expected for the integration and is disclosed, but it is still account authority.

Skill content
User logs in with TenK credentials. CLI polls until approved. Token saved to ~/.config/tenk-connect/token (chmod 600).
Recommendation

Use this only on trusted machines, run the logout command when finished or if the device is shared, and keep the token file at mode 600 and owned by your own user.

What this means

Users may not notice the runtime dependencies or account-token behavior from the registry metadata alone.

Why it was flagged

The registry metadata does not declare source/homepage, required binaries, or the OAuth credential behavior, while the skill artifacts show an included shell script requiring curl/python3 and storing a token. This is a metadata/provenance gap rather than proof of malicious behavior.

Skill content
Source: unknown; Homepage: none; Required binaries ... none; Primary credential: none
Recommendation

The publisher should declare curl/python3, credential use, network/API capabilities, and source/homepage metadata. Users should review the included script before use.