Skill v1.4.3

ClawScan security

Thrd Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 6:24 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
Files, env vars, and runtime instructions are coherent with an agent-focused email integration (thrd.email); the skill only asks for the expected THRD_API_KEY and uses Python scripts to call the thrd API.
Guidance
This skill appears to do what it says: provision and operate a dedicated agent inbox on thrd.email. Before installing, consider the following: (1) Keep THRD_API_KEY in a secure runtime secret store (the scripts advise this); only use --reveal-api-key in a trusted terminal. (2) The poll daemon and openapi sync write small local files (.thrd_cursor and .cache/openapi.json) — ensure the agent runtime can accept these files and their locations are acceptable. (3) SKILL.md includes a pip install step (requests only); confirm you want to run pip in the agent environment. (4) Metadata minor inconsistencies exist (no registry install spec, primary credential not declared), but they are not significant for security. If you need stronger assurance, ask the publisher for a provenance/homepage link or run the scripts in an isolated environment and inspect network traffic to ensure they only contact api.thrd.email.

Review Dimensions

Purpose & Capability
ok · Name/description (provision/manage an agent inbox via thrd.email) match the actual artifacts: Python scripts call https://api.thrd.email endpoints and requirements list python3 and THRD_API_KEY. The requested binaries and env var are appropriate for this purpose.
Instruction Scope
note · SKILL.md and scripts instruct the agent to run onboarding, checkout, openapi sync, and a poll daemon. These scripts only interact with the thrd.email API and write two local artifacts: a cache for openapi.json (.cache/openapi.json) and a cursor file (default .thrd_cursor). Onboarding intentionally redacts the API key unless --reveal-api-key is used. The instructions explicitly warn not to persist API keys. Note: onboarding can run without THRD_API_KEY (it provisions and returns a key), while other tools require it; SKILL.md documents this distinction.
Install Mechanism
ok · There is no registry install spec, but SKILL.md suggests running `pip install -r requirements.txt`. requirements.txt lists only 'requests'. This is a low-risk, standard dependency; the install action is local and transparent. (Minor inconsistency: registry metadata listed no install, but the skill provides an install command in SKILL.md.)
Credentials
note · Only THRD_API_KEY is required, which is proportional to an API-based email tool. Two minor metadata inconsistencies: the registry 'primary credential' field is empty despite THRD_API_KEY being the primary secret, and SKILL.md correctly notes onboarding does not require the env var while other scripts do. No other unrelated secrets or config paths are requested.
Persistence & Privilege
ok · The skill does not request elevated privileges or permanent platform presence (always:false). It writes only its own cache and cursor files and does not attempt to modify other skills or global configs. Autonomous invocation (model invocation allowed) is the platform default and not by itself concerning here.