Bizcard

Pass

Audited by ClawScan on May 1, 2026.

Overview

Bizcard’s artifacts are coherent for a business-card-to-Google-Contacts workflow, but users should notice that it uses external AI/API services, account credentials, and raw command/API calls to read and modify contacts.

This skill appears purpose-aligned: it scans business cards, asks before saving, checks for duplicates, and then creates Google Contacts. Before installing, make sure you trust the Maton, Google Contacts, Telegram, and image-model providers involved, understand that contact data and card photos may leave your device, and only approve contact saves after reviewing the extracted fields.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

After you approve, the agent can add contacts and upload a photo to your Google Contacts account.

Why it was flagged

The skill directs the agent to use raw exec/Python API calls to create Google Contacts and process images. This is aligned with the contact-management purpose and gated by user approval, but it is still high-impact tool use.

Skill content

STEP 7: Save (after user approval)
When the user approves:
1. Create the contact with the People API (run python3 via the exec tool)
2. Retouch the image with Nano Banana Pro

Recommendation

Only approve saves after checking the extracted contact fields, and use a Google account/Contacts connection you are comfortable letting this skill modify.

What this means

The skill depends on credentials that can access your Google Contacts through Maton and send images to an image-processing provider.

Why it was flagged

The skill requires API keys and a Google Contacts OAuth connection. These credentials are expected for the service integration, but they grant access to sensitive account data.

Skill content

| Maton API Key | **Required** | [maton.ai/settings](https://maton.ai/settings) |
| Google Contacts connection | **Required** | Maton OAuth (`google-contacts`) |
| Nano Banana Pro API Key | **Required** |

Recommendation

Use least-privilege connections where available, keep API keys private, and revoke the Maton/Google connection if you stop using the skill.

What this means

Business card images and extracted contact information may be processed by external AI/API services before being saved.

Why it was flagged

The workflow sends business card images/contact details through external model/provider and Google Contacts integrations. This is disclosed and central to the skill, but it involves personal data crossing provider boundaries.

Skill content

Business card photo → Gemini 3 Flash OCR (text extracted from the original)
→ Field parsing → Name format applied → Duplicate detection
→ User confirmation → Nano Banana Pro ...
→ Save to Google Contacts + upload the retouched photo

Recommendation

Avoid using the skill for cards containing information you do not want sent to the configured AI/API providers, and review the providers’ privacy terms.

What this means

It may be harder to confirm exactly which release or source this skill came from.

Why it was flagged

The package metadata version differs from the registry version 0.1.2, and the registry lists the source as unknown. This is not evidence of malicious behavior, but it is a provenance/metadata consistency gap.

Skill content

"version": "0.1.1"

Recommendation

Install only from a trusted copy, and verify the files and credentials you configure before use.