ClawHub
Back to skill
v1.0.0

Upcoming Concerts

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:42 AM.

Analysis

This skill appears to do what it claims: it runs a small Python script to query Ticketmaster for concert listings using the user's Ticketmaster API key.

GuidanceThis looks safe to install if you are comfortable providing a Ticketmaster API key. Searches and the API key are sent to Ticketmaster; avoid exposing logs or URLs that may contain the key. The provided artifacts show no persistence, file modification, destructive behavior, or hidden data collection.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
events.py
API_BASE = "https://app.ticketmaster.com/discovery/v2/events.json" ... urllib.request.urlopen(req)

The script makes an outbound request to the Ticketmaster Discovery API. This is disclosed and directly aligned with searching for concerts.

User impactSearch filters such as city, country, artist, genre, and date range are sent to Ticketmaster to retrieve results.
RecommendationUse this skill for searches you are comfortable sending to Ticketmaster, and review command arguments before invoking it.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
events.py
api_key = os.environ.get("TICKETMASTER_API_KEY") ... "apikey": api_key

The script reads the Ticketmaster API key from the environment and includes it in the Ticketmaster request parameters, which is expected for this API integration.

User impactYour Ticketmaster developer key is used for searches and could affect your Ticketmaster API quota if exposed elsewhere.
RecommendationUse a dedicated Ticketmaster API key, keep it out of shared logs or transcripts, and rotate it if you suspect exposure.