Skill v1.0.0

ClawScan security

Oura Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 12, 2026, 7:48 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill is a genuine Oura CLI implementation and mostly consistent with its purpose, but the package metadata and SKILL.md omit important runtime requirements (OAuth client credentials, local config storage, and a build/install step), so there are coherence gaps you should be aware of before installing or running it.
Guidance
What to consider before installing or running this skill:
- The bundled code is a normal Oura CLI: it uses OAuth and will store your Client ID/Secret and tokens in ~/.config/oura-cli/config.json. If you run it, expect local persistent storage of credentials and tokens.
- The registry metadata omitted required env vars and an install/build step. Before running any binary, either build the included source locally (go build ./cmd/oura) or inspect the code yourself. Do not run an unreviewed prebuilt binary.
- The auth flow starts a temporary HTTP server on localhost:8080 to receive the OAuth callback; that can interfere with existing services using that port. If you do authenticate, prefer creating a dedicated Oura app with minimal scopes and revoke the app afterwards if you don't trust it.
- If you only want agent-driven answers (without giving real credentials), avoid providing your production Oura client secret. Consider testing with a throwaway account or running the CLI in an isolated environment (container or VM).
- The mismatches (no declared env vars, no install steps) are likely sloppy metadata rather than malicious intent, but they reduce transparency. If you plan to use this skill, inspect the source files provided and confirm you are comfortable with the local config behavior and OAuth scopes before proceeding.

Review Dimensions

Purpose & Capability
ok
The code and SKILL.md implement an Oura Ring CLI that queries the Oura V2 API and returns JSON, which matches the expected purpose. There are no unrelated network endpoints or unrelated credentials requested in the source. Functionality (sleep, activity, readiness, heartrate, etc.) aligns with the stated capability.
Instruction Scope
note
The SKILL.md instructs the agent to run a local binary (./oura) and to resolve dates and parse JSON responses; that stays within the Oura-CLI purpose. However, invoking the CLI will read/write the user's config at the standard config directory (~/.config/oura-cli/config.json), and the auth flow starts a local HTTP server on port 8080 to receive OAuth callbacks. The SKILL.md does not explicitly mention the local server or the persistent config file behavior, both of which are relevant runtime scope.
Install Mechanism
note
No install spec is provided in the registry (instruction-only), but full Go source files are bundled and the README documents a 'go build' workflow. The SKILL.md assumes a built ./oura binary is present; the absence of an install/build step in metadata is a mismatch but not inherently malicious. Risk is low provided you build/review the included source yourself; running pre-built binaries without inspection would be higher risk.
Credentials
concern
Registry metadata declares no required environment variables, but the code and README legitimately use OURA_CLIENT_ID and OURA_CLIENT_SECRET (and may read them from env or prompt). The tool also stores OAuth tokens and secrets in the user's config directory (~/.config/oura-cli/config.json). The omission of these env requirements and the config path from metadata is an inconsistency that affects sensitive data handling and should be disclosed to users.
Persistence & Privilege
ok
The skill does not request always:true and does not modify other skills or system-wide settings. It does persist its own config (client id/secret, access/refresh tokens) under the user's config directory, and its auth flow opens a local HTTP listener on port 8080 during login. Both are normal for an OAuth CLI but worth noting as side effects.