Skill v1.3.0

ClawScan security

monday.com · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 9:36 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with a monday.com integration: it only needs a monday API token and provides GraphQL examples and optional MCP usage — nothing appears to be trying to do something unrelated to its stated purpose.
Guidance
This skill appears coherent for a monday.com integration, but take these precautions before installing:
- Prefer the GraphQL fallback unless you trust the MCP package source; invoking `npx ...@latest` downloads and runs remote code each time; consider pinning a specific version instead of `@latest`.
- Store MONDAY_API_TOKEN in a secrets manager or platform secret (not plaintext). Limit the token's scope if possible and use temporary/rotated tokens.
- Review the MCP package repository (if you plan to use it) so you trust its publisher and release history.
- Monitor token usage and audit monday.com activity after enabling the skill.
If you cannot confirm the MCP package source, avoid running subprocess installs and stick to direct GraphQL calls.

Review Dimensions

Purpose & Capability
ok: Name/description match the requested env var (MONDAY_API_TOKEN) and the SKILL.md explains using monday's MCP server or GraphQL API to manage boards/items/columns/etc., which is expected for this integration.
Instruction Scope
note: The instructions stay on-topic (signup, obtain token, use MCP or GraphQL, example queries/mutations). They don't ask to read unrelated system files or other credentials. They do instruct running an MCP subprocess or using npx, which broadens what the agent will execute at runtime (see Install Mechanism).
Install Mechanism
note: There is no formal install spec (instruction-only), but SKILL.md recommends invoking the official MCP server via `npx -y @mondaydotcomorg/monday-api-mcp@latest`. Relying on npx/@latest downloads and executes third-party code at runtime, which is a supply-chain risk; however, this is optional and the doc encourages falling back to direct GraphQL calls.
Credentials
ok: Only MONDAY_API_TOKEN is required and it is justified by the skill's purpose. No unrelated secrets, config paths, or multiple credential requests are present.
Persistence & Privilege
ok: Skill is instruction-only, no install, not always-enabled, and does not request system-wide changes or other skills' configs. Autonomous invocation is allowed by default but not combined with other high-risk factors here.