ClawHub
Back to skill
v1.0.0

Baselight data via MCP

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:37 AM.

Analysis

This is a straightforward instruction-only connector to Baselight's external MCP service; the main things to notice are account/API-key authentication and sending queries to a remote provider.

GuidanceThis appears reasonable to install if you intend to use Baselight through MCP. Before using it, verify the Baselight endpoint, authenticate with a revocable account/API key, and avoid sending private data in queries unless you are comfortable sharing it with Baselight.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Connect using OAuth or API key depending on client. ... Requires Baselight account or API key

The skill relies on Baselight account credentials or an API key. This is expected for a Baselight connector, but users should notice that authentication is involved.

User impactThe agent or client may be able to use the user's Baselight account/API key to run dataset queries, potentially consuming query limits.
RecommendationUse credentials intended for Baselight only, keep them revocable, and confirm the account scope and query limits before use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
MCP Server URL: https://api.baselight.app/mcp

The skill connects the user's AI client to a disclosed external MCP server. Query text and generated SQL may be transmitted to that service as part of normal operation.

User impactQuestions, dataset searches, and SQL queries may leave the local/chat environment and be processed by Baselight.
RecommendationAvoid including confidential or regulated data in prompts or queries unless sharing it with Baselight is intended and permitted.