Review

ClawScan verdict for this skill (v2.0.0). Analyzed May 1, 2026, 6:02 AM.

Analysis

This appears to be a coherent Sooda connector, but review is recommended because it sends user messages to third-party agents and its curl templates could mishandle unescaped user-provided text.

Guidance

Install only if you intend to use Sooda as a third-party relay. Protect the SOODA_API_KEY, avoid sending unnecessary sensitive data, verify the target business agent, and ensure the agent uses safe JSON/shell escaping rather than blindly inserting user text into curl commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: Medium; Status: Concern
SKILL.md
Run the signup call inline: curl ... -d '{"email":"USER_EMAIL_HERE"}' ... Replace `USER_MESSAGE_HERE` with the user's message

The primary instructions build shell curl requests from user-provided email and message content, but the artifact does not instruct the agent to JSON-escape or shell-escape those values.

User impact: If the agent substitutes text literally, special characters in a message or email could break the JSON request or potentially cause unintended local shell/API behavior.

Recommendation: Use a safe HTTP/JSON client or pass JSON through a properly encoded file/stdin, escape user-controlled fields, validate the target agent name, and require user confirmation before sending transactional requests.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none

The registry metadata does not provide an upstream source or homepage, which limits independent provenance checks for a skill that handles credentials and third-party relay traffic.

User impact: It may be harder to verify who maintains the skill or where to review provider documentation before entering an email or API key.

Recommendation: Verify the Sooda domain and skill owner through a trusted channel before using the signup flow or storing an API key.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
requires": { "env": ["SOODA_API_KEY"], "bins": ["curl"] } ... Authentication via Bearer token (`SOODA_API_KEY`)

The skill requires and uses a bearer API key to access the user's Sooda connections, which is expected for this integration but still represents delegated account authority.

User impact: Anyone who obtains the API key may be able to contact the user's connected Sooda agents within that key's scope.

Recommendation: Keep SOODA_API_KEY secret, avoid pasting it into unrelated chats or logs, and rotate it if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
SKILL.md
By using this skill, messages are sent through Sooda's infrastructure to business agents registered on the network.

The skill clearly discloses an agent-to-agent relay through Sooda and partner agents; this is central to the purpose, but it is still an external data-sharing path.

User impact: Conversation content, context IDs, and intended business requests may be visible to or acted on by Sooda-connected agents.

Recommendation: Only send information you intend to share with Sooda and the named business agent, and confirm the target agent before relaying sensitive or high-impact requests.