Boktoshi Human /my Helper
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and limited to using a Firebase token for Boktoshi human account API reads, with no install code or hidden behavior shown.
This looks safe for its stated purpose, but it uses a Firebase ID token to access private Boktoshi human account endpoints. Install it only if you trust the Boktoshi API use case and keep the token out of shared logs or messages.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used, the agent may access private Boktoshi account data available through the supplied Firebase ID token.
The skill requires a bearer credential for a human account session, which gives access to authenticated Boktoshi /my endpoints.
- `FIREBASE_ID_TOKEN` ... `Authorization: Bearer <firebase-id-token>`
Only provide this token if you intend the agent to access your Boktoshi human account endpoints, and avoid sharing logs or transcripts that include the token.