Skill v98.0.1

ClawScan security

Data Pipeline Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 17, 2026, 5:22 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to be a set of ETL templates that mostly match its description, but it omits any guidance or declared requirements for the credentials and dependencies it will need to operate and contains sloppy/truncated instructions — this mismatch and missing provenance are worth caution.
Guidance
This skill is an instruction-only ETL template and largely does what its description says, but exercise caution before using it in production: 1) Don’t paste real API keys, DB passwords, or service account tokens into chat — use a secrets manager or supply read-only, scoped credentials only when you run the code locally. 2) Inspect the full SKILL.md (the provided file appears truncated and contains a broken shell line like "mkdir -") and any scripts it would run; fix/understand shell commands before executing. 3) Test with dummy or sandbox accounts and read-only database replicas. 4) Ask the publisher for provenance (homepage, source repo, maintainer contact) — absence of a homepage and unknown source lowers trust. 5) If you plan to let the agent run autonomously, limit its network and credential access and prefer ephemeral, least-privilege tokens. If you need help reviewing the missing/truncated parts or converting examples into a secure runbook, provide the full SKILL.md and intended runtime environment and I can help.

Review Dimensions

Purpose & Capability
note: Name/description match the SKILL.md content: the instructions are ETL templates for API extraction, cleaning, merging, auditing, and scheduled runs. However, the skill claims integrations with many external services (QuickBooks, Stripe, Salesforce, Google Sheets, warehouses) yet declares no required environment variables, credentials, or authentication guidance. That is a proportionality/metadata gap: a legitimate ETL skill normally documents how to provide API keys, OAuth tokens, or DB connection strings.
Instruction Scope
note: SKILL.md contains concrete example code (requests, pandas, CSV reads/writes, cron/bash) which stays within ETL scope. The examples reference local paths (data/*.csv, logs/) and API calls with Authorization headers; no explicit instructions to read unrelated system secrets or arbitrary host files are present. However, the document is truncated and contains an obviously broken/partial shell command ("mkdir -") and ellipses, indicating the shipped instructions are incomplete/sloppy. The examples also implicitly require secret tokens but do not instruct secure handling, increasing the risk that users will paste secrets into chat or code.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files, the lowest-risk install profile. Nothing is written to disk by an installer and there are no obscure download URLs or package installs baked into the skill itself.
Credentials
concern: The skill declares no required env vars or primary credential despite explicitly showing usage patterns that require API tokens and DB credentials. This is a mismatch: the skill will in practice need secrets to access third-party APIs and warehouses. Because the skill lacks guidance on credential handling, an inexperienced user might share keys insecurely (e.g., in chat) or grant overly broad credentials. No config-path requirements are listed, but the absence of declared secrets is surprising given the stated integrations.
Persistence & Privilege
ok: `always` is false and there is no install-time persistence. Model invocation is allowed (the platform default), which means the agent could call the skill autonomously, but that is expected and not by itself a red flag here. The skill does not request modification of other skills or global agent settings.