venue-polling

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent gym-booking helper, but it can automatically create venue orders using bundled account credentials and an undeclared local signing key.

Do not run this live as-is. First remove and rotate the exposed token, supply your own credentials through a secure channel (environment variables or a secret store) rather than the bundle, set AUTO_BOOK to false unless you explicitly want booking automation, and add a confirmation step plus polling limits so it cannot create orders unexpectedly.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the script can create a booking order or reservation on the configured account without a separate confirmation at the moment of booking.

Why it was flagged

The script defaults to automatically sending a createOrder API request when it detects an available venue slot.

Skill content
AUTO_BOOK = True ...
if AUTO_BOOK:
    success = create_order(item) ...
response = requests.post(API_ORDER_URL, headers=headers, json=order_data, timeout=15)
Recommendation

Default to dry-run or AUTO_BOOK=False, require explicit user confirmation for each createOrder request, and add clear limits for date, time, venue, and account.

What this means

A valid token and signing key let the workflow act as the booking account; the hardcoded token is already exposed in the bundle and should be treated as compromised.

Why it was flagged

The workflow bundles an account-like token and reads a local unencrypted RSA private key for signing, despite metadata declaring no credentials or config requirements.

Skill content
TOKEN = "0cd5cb6b21fc410dbd81bc3e6a066614" ...
"token-user": TOKEN ...
with open("rsa_private_key.pem", "r", encoding="utf-8") as f:
Recommendation

Remove hardcoded tokens, rotate any exposed credential, declare required credentials/config paths, and load user-provided secrets from secure storage or environment variables.
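As an added example of this recommendation (not the skill's own code): fail-closed loading of the token and the signing key. The environment variable names VENUE_TOKEN and VENUE_SIGNING_KEY_PATH are assumptions, as is the default of requiring an encrypted PEM; the only value taken from the page is the exposed token, which is used here as a deny-list entry so a copy of the skill that still carries it refuses to start.

```python
import os
import stat
from pathlib import Path
from typing import Mapping

# The token ClawScan found hardcoded in the skill bundle. It is public now, so a
# deployment that still presents it must be treated as compromised and refused.
EXPOSED_TOKEN = "0cd5cb6b21fc410dbd81bc3e6a066614"

# Environment variable names are assumptions for this example; the skill declares none.
TOKEN_ENV = "VENUE_TOKEN"
KEY_PATH_ENV = "VENUE_SIGNING_KEY_PATH"


class CredentialError(RuntimeError):
    """Raised when the workflow must not start because its secrets are missing or unsafe."""


def load_token(env: Mapping[str, str] = os.environ) -> str:
    """Read the account token from the environment; fail closed on absence or on the leaked value."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise CredentialError(f"{TOKEN_ENV} is not set; refusing to fall back to a bundled token")
    if token == EXPOSED_TOKEN:
        raise CredentialError("token matches the value exposed in the skill bundle; rotate it first")
    return token


def check_key_mode(mode: int) -> None:
    """Reject a private-key file readable or writable by group/other (expect 0600 or 0400)."""
    perm = stat.S_IMODE(mode)
    if perm & 0o077:
        raise CredentialError(f"signing key permissions {oct(perm)} are too open; chmod 600 it")


def pem_is_encrypted(pem: bytes) -> bool:
    """True for PKCS#8 encrypted PEM or legacy PEM with a Proc-Type: 4,ENCRYPTED header."""
    return b"-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem or b"Proc-Type: 4,ENCRYPTED" in pem


def check_pem(pem: bytes, require_encrypted: bool = True) -> bool:
    """Validate key material before handing it to a signer; returns whether it is encrypted."""
    if b"PRIVATE KEY-----" not in pem:
        raise CredentialError("signing key file is not a PEM private key")
    encrypted = pem_is_encrypted(pem)
    if require_encrypted and not encrypted:
        # An unencrypted key on disk is what the audit flagged.
        raise CredentialError("signing key is stored unencrypted on disk; encrypt it or use a keystore")
    return encrypted


def load_private_key_pem(env: Mapping[str, str] = os.environ, require_encrypted: bool = True) -> bytes:
    """Locate the key via a declared config path, then apply the permission and format checks."""
    path_str = env.get(KEY_PATH_ENV)
    if not path_str:
        raise CredentialError(f"{KEY_PATH_ENV} is not set; the key path must be declared, not assumed")
    path = Path(path_str)
    if not path.is_file():
        raise CredentialError(f"signing key not found at {path}")
    check_key_mode(path.stat().st_mode)
    pem = path.read_bytes()
    check_pem(pem, require_encrypted)
    return pem


def check_outcome(fn, *args, **kwargs) -> str:
    """Dry-run helper: 'ok' if the check passes, otherwise the CredentialError message."""
    try:
        fn(*args, **kwargs)
        return "ok"
    except CredentialError as exc:
        return str(exc)
```

The PEM bytes returned here are what would be passed to the signing library the skill imports; the point of the wrapper is that the path, the file mode and the encryption state are all checked before any signing code runs, and that none of it works without the user explicitly providing the two variables.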

Note (High Confidence)
ASI10: Rogue Agents
What this means

If left running, the script can continue making repeated API calls until manually stopped or until it detects availability.

Why it was flagged

A foreground polling loop is expected for this purpose, but there is no maximum runtime or attempt limit.

Skill content
POLL_INTERVAL = 5 ...
while True:
    count += 1 ...
    time.sleep(POLL_INTERVAL)
Recommendation

Add a maximum runtime, maximum attempt count, and a visible stop condition before users run live polling.
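The two loop-related recommendations on this page (default to no automatic booking, with an explicit per-order confirmation and scope limits on date, time, venue and account; and bound the polling loop by attempt count and wall-clock time) can be met in one function. The following is an added example written for this review, not code from the skill: poll, BookingScope, PollResult, the slot field names (date, time, venue, account, id) and the injected check_availability/create_order/confirm callables are all assumptions, and the availability data in demo() is constructed.

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class BookingScope:
    """Hard limits on what may be booked. Slot field names are assumptions for this
    example; the skill's real availability payload is not shown in the audit."""
    date: str
    venue: str
    account: str
    earliest: str = "00:00"  # HH:MM strings compare correctly as text
    latest: str = "23:59"

    def allows(self, slot: dict) -> bool:
        return (slot.get("date") == self.date
                and slot.get("venue") == self.venue
                and slot.get("account") == self.account
                and self.earliest <= slot.get("time", "") <= self.latest)


@dataclass
class PollResult:
    outcome: str  # booked | would_book | declined | exhausted | timeout
    attempts: int
    orders_created: int = 0
    slot: Optional[dict] = None
    out_of_scope_seen: int = 0


def poll(check_availability, create_order, scope: BookingScope, *, auto_book: bool = False,
         confirm=None, max_attempts: int = 120, max_runtime_s: float = 600.0,
         poll_interval_s: float = 5.0, sleep=time.sleep, clock=time.monotonic) -> PollResult:
    """Poll until an in-scope slot appears; send an order only if auto_book is on AND
    confirm(slot) returns True at that moment. Stops on max_attempts or max_runtime_s."""
    if auto_book and confirm is None:
        raise ValueError("auto_book=True requires a confirm callback; refusing to book silently")
    start = clock()
    attempts = 0
    out_of_scope = 0
    while attempts < max_attempts:
        if clock() - start >= max_runtime_s:
            return PollResult("timeout", attempts, out_of_scope_seen=out_of_scope)
        attempts += 1
        slots = check_availability()
        in_scope = [s for s in slots if scope.allows(s)]
        out_of_scope += len(slots) - len(in_scope)  # availability outside the limits is never booked
        if in_scope:
            slot = in_scope[0]
            if not auto_book:
                return PollResult("would_book", attempts, 0, slot, out_of_scope)
            if not confirm(slot):
                return PollResult("declined", attempts, 0, slot, out_of_scope)
            create_order(slot)  # at most one createOrder per run, and only after the gate above
            return PollResult("booked", attempts, 1, slot, out_of_scope)
        sleep(poll_interval_s)
    return PollResult("exhausted", attempts, out_of_scope_seen=out_of_scope)


def scripted_availability(responses):
    """Constructed availability source for offline runs: yields each list in turn, then [] forever."""
    it = iter(responses)
    return lambda: next(it, [])


def demo() -> dict:
    """Exercise every stop condition against constructed slots; no network, no real sleeping."""
    scope = BookingScope(date="2026-05-12", venue="court-3", account="alice")
    good = {"date": "2026-05-12", "time": "18:00", "venue": "court-3", "account": "alice", "id": "slot-1"}
    wrong_venue = dict(good, venue="court-7", id="slot-2")
    orders = []
    no_sleep = lambda s: None
    r = {}
    # default: a matching slot is reported, but AUTO_BOOK is off so no order is sent
    r["default"] = poll(scripted_availability([[], [good]]), orders.append, scope, sleep=no_sleep)
    # auto_book on, user declines at the moment of booking
    r["declined"] = poll(scripted_availability([[good]]), orders.append, scope,
                         auto_book=True, confirm=lambda s: False, sleep=no_sleep)
    # auto_book on, user confirms: one order, and the out-of-scope slot seen first is skipped
    r["booked"] = poll(scripted_availability([[wrong_venue], [good]]), orders.append, scope,
                       auto_book=True, confirm=lambda s: True, sleep=no_sleep)
    # only out-of-scope slots ever appear: attempt budget runs out, nothing is booked
    r["exhausted"] = poll(scripted_availability([[wrong_venue]] * 5), orders.append, scope,
                          auto_book=True, confirm=lambda s: True, max_attempts=5, sleep=no_sleep)
    # wall-clock budget: a clock that jumps past max_runtime_s ends the loop
    ticks = iter([0.0, 0.0, 700.0])
    r["timeout"] = poll(scripted_availability([[]] * 10), orders.append, scope,
                        max_runtime_s=600.0, sleep=no_sleep, clock=lambda: next(ticks, 700.0))
    # silent automation (auto_book without a confirm callback) is rejected up front
    try:
        poll(scripted_availability([]), orders.append, scope, auto_book=True, sleep=no_sleep)
        r["silent_autobook_rejected"] = False
    except ValueError:
        r["silent_autobook_rejected"] = True
    r["orders"] = orders
    return r
```

Because the availability source, the order sender, sleep and the clock are injected, the same function runs offline in demo() and against the real API in production. With auto_book left at its default the loop only reports the matching slot and never calls create_order, and every other exit path is visible in the returned outcome rather than hidden in an endless while True.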

What this means

Users may not realize what local setup and sensitive files are needed before running the workflow.

Why it was flagged

The script relies on external Python packages and a local PEM file, but the supplied metadata/install section does not declare dependencies, credentials, or config paths.

Skill content
import requests ...
from cryptography.hazmat.primitives import serialization ...
with open("rsa_private_key.pem", "r", encoding="utf-8")
Recommendation

Document dependencies and required files explicitly, provide pinned installation instructions if needed, and keep secret files out of the skill bundle.