Cosmetics Advisor: Pengleni
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward Pengleni API client, but it uses SMS login, a bearer token, external API calls, and a local session file.
Use this skill only if you are comfortable providing a phone number/SMS code and CLAWHUB_SKILL_TOKEN for Pengleni access. Confirm before sending SMS codes, verify the configured API URLs, and protect or remove the .session.json file after use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the send-code step may send an SMS to the entered phone number.
The skill can trigger an SMS verification code to the supplied phone number. This is expected for the login flow, but it is an external side effect that should only be performed with user consent.
url = f"{site_base_url}/chainlit/send-verification-code"
return post_json(url, {"phone": phone})

Only send codes to phone numbers the user owns or is authorized to use, and consider adding local phone-format validation and explicit confirmation before sending.
The skill can authenticate a Pengleni session when given the required token, phone number, and verification code.
The login flow uses a bearer service token plus the user's phone number and SMS verification code. This is consistent with the stated SMS login purpose, but it is still credential/session authority.
token = require_env("CLAWHUB_SKILL_TOKEN")
payload: Dict[str, Any] = {
    "phone": phone,
    "verify_code": verify_code,
}

Keep the token and SMS code private, use only trusted endpoints, and note that the registry metadata does not declare this credential requirement.
Successful login persists session identifiers to a local session file, defaulting to .session.json.
Anyone or any process with access to that file may be able to reuse the saved session identifiers.
save_session(
    {
        "user_id": result["user_id"],
        "session_id": result["session_id"],
    },
    path=args.session_file,
)

Store the session file in a private workspace, restrict file permissions, and delete it when the session is no longer needed.
Beauty questions and any personal details typed into the chat are sent to the configured provider API.
User chat text is converted to escaped HTML and sent to the configured Pengleni/ClawHub API endpoint. This is disclosed and purpose-aligned, but it means user content leaves the local environment.
    "html_payload": text_to_html_payload(text),
    "stream": stream,
    ...
url = f"{api_base_url}/session/message"
return post_json(url, payload, token=token)

Avoid sending highly sensitive personal data, verify API_BASE_URL points to the intended provider, and review the provider's privacy practices.
