ClawHub

Productboard Search

v0.1.0

Search and explore ProductBoard features, products, and feedback

1· 1.8k·2 current·2 all-time
by@robertoamoreno
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to search ProductBoard (features, products, notes) but declares no required credentials, API keys, or platform connector. Real ProductBoard API access normally requires an API token; the SKILL.md lists pb_* tools but does not explain where those tools run or how they are authenticated.
Instruction Scope
The SKILL.md stays on-topic (search strategies, which pb_* tools to call, filters). It does not instruct reading unrelated files or exfiltrating data, but it implicitly assumes availability of pb_search / pb_feature_list / etc. without specifying how to obtain credentials, where network calls go, or how results are fetched.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That minimizes the risk of arbitrary code being written to disk, but also means the SKILL.md is relying entirely on platform-supplied tooling (not described).
!
Credentials
No environment variables, primary credential, or config paths are declared despite the skill needing ProductBoard access. This is disproportionate: a connector to ProductBoard should normally require a token (e.g., PRODUCTBOARD_API_TOKEN) or explicit instruction to use a platform-managed credential.
Persistence & Privilege
always:false and no install actions — the skill does not request persistent presence or system-wide changes. Autonomous invocation is allowed (default), which is normal and not flagged on its own.
What to consider before installing
Before installing: confirm how the pb_* tools are provided and where network requests run. Ask the publisher or check the linked repo for implementation details — specifically where authentication is configured and whether you must supply a ProductBoard API token. Do not supply any unrelated credentials. If the skill runs without requiring a ProductBoard token, treat that as suspicious and request a clear explanation of how it accesses your workspace. Prefer skills that declare required env vars or use a documented, limited-scope connector; review the repository code (or request it) to verify endpoints and credential handling. If you can, test in a limited-permission ProductBoard account or with a scoped API token first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e1tm3ktzh56vezm3bk5htt5808qq3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments