Trello Planner
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a read-only Trello planning skill, but it requires a long-lived Trello read token and includes self-asserted security/approval wording users should not rely on by itself.
Install only if you are comfortable giving the skill read access to Trello data visible to the token. Prefer a read-only token, revoke it when not needed, and do not rely on the embedded approval/security wording as a substitute for reviewing the requested Trello access.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can read Trello boards and card information available to that Trello token until the token is revoked.
The skill requires Trello credentials and recommends a non-expiring read token, which is expected for a Trello integration but still grants ongoing account data access.
REQUIRES: TRELLO_API_KEY + TRELLO_TOKEN (read scope) ... scope=read&expiration=never
Use a read-only token, understand which Trello boards the account can access, and revoke or rotate the token when you no longer need the skill.
Users may place extra trust in the skill because of the approval-style wording.
The documentation includes approval and security assurance wording; this should be treated as a claim in the artifact, not as independent proof of safety.
## π Security (ClawHub Approved) ... β read scope ONLY ... β 12s timeout
Base the installation decision on the actual permissions and code behavior, not on self-asserted approval or security claims.