Skill v1.2.7
ClawScan security
Thrd Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 3:39 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements, scripts, and runtime instructions are coherent with an agent-dedicated email integration for thrd.email; no signs of hidden exfiltration or unrelated credential requests were found, though a few minor operational cautions apply.
- Guidance: This skill appears to do exactly what it claims: provisioning and managing an isolated agent inbox on thrd.email. Before installing, verify the skill source/owner (no homepage is listed and the source is 'unknown'), and prefer installing/testing in a sandboxed runtime. Store THRD_API_KEY in your platform's secret manager rather than as a literal env var in shared shells or logs. Be aware that onboarding prints the new api_key to stdout (machine-readable) — if your runtime captures stdout to logs, copy the key immediately into your secret store and rotate it if needed. Review and approve the small pip dependency (requests). If you require stricter containment, run the scripts in an isolated environment and confirm that the default cache (.cache) and cursor files are stored where you expect.
Review Dimensions
- Purpose & Capability (ok): Name/description (provision and manage an agent inbox) align with the requested resources: python3 and a single service API key (THRD_API_KEY). Required binaries, env var, endpoints, and included scripts are consistent with an email API client and onboarding/polling functionality.
- Instruction Scope (note): SKILL.md only instructs use of included scripts and controlled API endpoints (api.thrd.email) and explicitly warns not to write API keys to disk. One operational risk: scripts/onboard.py prints the newly provisioned api_key to stdout as machine-parsable JSON (then asks the user to store it in a secret manager). That is convenient but means the API key could be captured in logs or stdout collectors if the runtime captures stdout; users should treat that output as sensitive.
- Install Mechanism (ok): No complex install procedure; metadata suggests running 'pip install -r requirements.txt', which only pulls 'requests' from PyPI. This is a standard, expected dependency for these scripts and not disproportionate.
- Credentials (ok): Only THRD_API_KEY is required and used where expected (checkout.py and poll_daemon.py check it; onboarding does not require it). The number and type of env vars are proportional. Minor metadata inconsistency: the registry metadata lists no primary credential while the skill does require THRD_API_KEY.
- Persistence & Privilege (note): The skill does persist non-secret runtime state: it writes an OpenAPI cache under .cache/openapi.json and a cursor file (.thrd_cursor) by default. It does not write API keys to disk, per the author, but printing the api_key to stdout could lead to leakage via logs. always:false and normal autonomous invocation settings are appropriate.
