Skillv1.0.3

ClawScan security

Vivid: Open Business Account · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 24, 2026, 4:53 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely matches its stated purpose (generating an onboarding link) but contains ambiguous or missing details about data handling, the schema sent to the remote server, and the claimed 'no-auth/public' endpoint — verify those before use.
Guidance: Before installing/use: 1) Verify the MCP endpoint (https://api.prime.vivid.money/mcp) is legitimate and actually public — ask the vendor or check their official docs/GitHub to confirm whether auth is required. 2) Request the exact onboarding schema: which fields will be sent to the MCP server so you can assess PII exposure. 3) Confirm how 'local' document parsing is implemented by your AI client/runtime — do not upload sensitive documents until you can guarantee raw files are never transmitted. 4) Test with non-sensitive sample data and review the returned onboarding URL behavior. 5) If possible, compare the referenced GitHub repository and Vivid's official docs/privacy policy to ensure the skill is not a misrepresentation. These ambiguities are why the skill is flagged as suspicious rather than benign.

Review Dimensions

Purpose & Capability: noteName/description (generate onboarding link via an MCP server) lines up with the instructions to call a remote build_onboarding_link tool. However the SKILL.md references a schema/table of fields but does not include the actual schema fields. The metadata references a GitHub homepage while the registry metadata said 'homepage: none' — minor inconsistency. The claim that the endpoint is publicly accessible and requires no auth is plausible but unusual for onboarding flows and should be verified.
Instruction Scope: concernThe instructions require local extraction of uploaded documents ('extract the fields locally in the AI client') but provide no mechanism or code for how local parsing should be done; as an instruction-only skill this relies on the host client to truly keep raw documents local. The SKILL.md promises raw documents are never sent, but it's ambiguous whether the runtime environment enforces that. The schema of fields to be sent is referenced but not shown, making it unclear what PII will be transmitted.
Install Mechanism: okInstruction-only skill with no install spec, no packages, and no downloads. This is low-risk from an install/execution perspective.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated behavior (calling a public endpoint to generate a link).
Persistence & Privilege: okThe skill is not forced always-on and SKILL.md includes disable-model-invocation: true, which matches the stated rule that it must be invoked only on explicit user request. It does not request persistent system privileges.