Help Scout
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a wrapper around the HelpScout CLI and discloses that purpose, but it can use HelpScout credentials to read, modify, delete, publish, and export support, customer, and help-center data.
Install this only if you trust the upstream `hs` CLI and intend to let your agent work with HelpScout. Use restricted HelpScout credentials when possible, confirm before any delete, publish, workflow, or webhook action, and be careful with outputs that may contain customer PII.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill with valid HelpScout credentials could access the HelpScout data and permissions associated with those credentials.
The skill requires HelpScout account credentials and can store them locally; this is expected for the stated API-management purpose, but it grants account-level access.
Inbox uses OAuth2 client credentials (App ID + App Secret). Docs uses an API key. ... Credential resolution order: OS keyring → config file.
Use least-privilege HelpScout credentials where possible, prefer OS keyring storage over plain config files, and run logout when access is no longer needed.
Mistaken or overly broad commands could close, delete, publish, or alter HelpScout content and workflows.
The documented commands include deleting customer/support records, running workflows, and publishing Docs articles. These are purpose-aligned for a HelpScout admin CLI, but they can materially change account data.
`hs inbox conv delete <id>` ... `hs inbox cust delete <id>` ... `hs inbox wf run <id> --conversation-ids id1,id2` ... `hs docs articles update <id> --text "Updated..." --status published`
Require explicit user confirmation for destructive, publishing, workflow, webhook, or bulk actions; test read-only commands first.
The installed binary will handle HelpScout credentials and API calls, so the user is relying on the upstream package source.
The skill depends on an externally installed Homebrew binary. That is normal for a CLI wrapper, but the executable implementation is outside the supplied SKILL.md.
brew | formula: operator-kit/tap/hs | creates binaries: hs
Verify the upstream repository/tap before installing, keep it updated from trusted sources, and consider pinning versions in managed environments.
Sensitive HelpScout messages or customer details may be shown in terminal output or included in the agent's working context.
The CLI can retrieve conversation threads and detailed HTTP responses, which may include customer/user PII and sensitive support content. The artifact also notes PII redaction is configurable.
`hs inbox conv get <id> --embed threads` ... `hs inbox tools briefing --assigned-to <uid> --embed threads` ... `--debug` — show HTTP request/response details
Limit queries to needed records, enable/verify PII redaction settings, avoid debug output with sensitive data, and do not paste outputs into untrusted contexts.
