Skill v1.0.0
ClawScan security
zoho-support-claw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 6:53 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (ingesting Zoho Desk tickets, creating embeddings, and using OpenAI to draft replies), and there are no signs of obfuscated or hidden endpoints. However, the registry metadata omits the environment variables the code actually requires, and the skill transmits ticket text to OpenAI and persists ticket content locally. Review credential scope and data handling before installing.
- Guidance
- What to check before installing:
  - Registry metadata mismatch: the package actually requires ZOHO_TOKEN and OPENAI_API_KEY (plus optional ZOHO_DOMAIN and model/logging settings) even though the registry lists none. Update or confirm the env requirements before use.
  - Data exposure: this skill sends ticket text to OpenAI for embeddings and drafts. If tickets contain PII or other sensitive information, redact those fields, use an enterprise or isolated OpenAI account, or avoid sending them at all.
  - Local storage: ticket text and embeddings are stored in data/embeddings.json on disk. Secure that file (permissions, encryption, backups) or change the storage behavior if needed.
  - Credential scope: use least-privilege Zoho tokens (limited scopes) and rotate tokens after testing. Do not use admin credentials if they are not required.
  - Run in an isolated environment first: examine network requests (to the Zoho domain and OpenAI) and logs, and confirm the ingested data is what you expect.
  - Dependency review: dependencies are standard (axios, openai, dotenv, pino); keep them up to date and audit them for known vulnerabilities.
- If these tradeoffs are acceptable and you secure the tokens and stored data, the implementation appears coherent with its stated purpose.
Review Dimensions
- Purpose & Capability
- note: Code implements Zoho Desk calls (axios), local embedding storage, and OpenAI calls for embeddings/completions, which aligns with the described purpose. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while README and SKILL.md (and the code) require ZOHO_TOKEN and OPENAI_API_KEY (also optional ZOHO_DOMAIN, OPENAI_MODEL, EMBEDDINGS_MODEL, LOG_LEVEL, INGEST_LIMIT). This metadata omission is an inconsistency (likely an oversight) but not evidence of malicious intent.
- Instruction Scope
- note: SKILL.md instructs the user to put ZOHO_TOKEN and OPENAI_API_KEY in a .env file and run npm scripts; the runtime behavior in index.js and its libs stays within that scope: fetching closed/open tickets, creating embeddings, saving vectors locally, and asking OpenAI for draft replies. The code also reads other env vars (ZOHO_DOMAIN, LOG_LEVEL, INGEST_LIMIT, model overrides) that are not all documented in SKILL.md, so the documentation is slightly incomplete but the behavior is coherent.
- Install Mechanism
- ok: This is an instruction-only skill for install (no platform install spec), but it includes Node.js source and a package.json with dependencies (axios, dotenv, openai, pino). The dependencies are expected and come from npm; there are no downloads from arbitrary URLs, no archive extraction, and no unusual install steps.
- Credentials
- note: Requested credentials (Zoho OAuth token and OpenAI API key) are proportional to the functionality. Important privacy implication: ticket text is sent to OpenAI for embeddings and completions, and full ticket text/resolution is persisted locally in data/embeddings.json. The skill does not request unrelated credentials, but you should confirm token scopes and be aware of the third-party data sharing and the local storage of potentially sensitive content.
- Persistence & Privilege
- ok: The skill's always flag is false, and the skill does not request elevated agent privileges or modify other skills. It persists its own data to data/embeddings.json (normal for a local vector store). There is no evidence that it changes system-wide configuration or gains persistent agent privileges beyond normal skill behavior.
