v1.0.0

Build Smart Lists

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

The skill is aligned with creating HubSpot marketing lists, but it includes an API script that uses an undeclared HubSpot token and implements different, less protective list logic than the instructions describe.

Guidance: Review carefully before installing or running. If you use the script, provide only a least-privilege HubSpot token, confirm the target portal, preview the exact lists and filters, and do not treat the generated marketing-contact list as a compliant sendable list until unsubscribe, bounce, email-known, and quarantine exclusions are included.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/execute.py
Create 10 core HubSpot lists via the Lists API (v3).
...
All lists are DYNAMIC (auto-updating smart lists).

The script is designed to create HubSpot objects through an external API. That mutation authority is aligned with the skill's purpose, but it is high-impact and not reflected in the declared requirements/capabilities.

User impact: A user could end up with new persistent HubSpot lists created in the wrong account or with unreviewed definitions.
Recommendation: Add a dry-run/preview mode, explicit confirmation before creation, clear rollback instructions, and metadata that declares the HubSpot API capability.
Human-Agent Trust Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/execute.py
"name": "All Marketing Contacts",
...
"property": "hs_marketable_status",
...
"value": "true"

SKILL.md describes the master sendable list as including unsubscribe, bounce, known-email, and quarantine exclusions, but the script's corresponding marketing-contact list only shows the marketable-status filter. This creates a misleading gap between the documented safety logic and the automated implementation.

User impact: If users rely on the script-created list as the sendable audience, they may omit important consent/deliverability exclusions such as unsubscribed, bounced, or quarantined contacts.
Recommendation: Align the script with the documented 'Marketable - Active' filters or clearly state that the script creates a different list that is not sufficient as a master sendable list.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/execute.py
# dependencies = [
#   "requests>=2.31",
#   "python-dotenv>=1.0",
# ]

The script declares Python dependencies using minimum-version ranges, while the install metadata says there is no install spec. This is not suspicious by itself, but users should know extra packages are needed if they run the script.

User impact: Running the script may install or depend on packages that are not surfaced in the registry requirements.
Recommendation: Declare the runtime dependencies in the install metadata and consider pinned versions or a lockfile for reproducible execution.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/execute.py
TOKEN = os.environ["HUBSPOT_ACCESS_TOKEN"]
HEADERS = {
    "Authorization": f"Bearer {TOKEN}",

The included script requires a HubSpot access token and uses it as a bearer credential, but the registry metadata declares no required environment variables and no primary credential.

User impact: Running the script would give it delegated access to a HubSpot account and allow it to make CRM/list changes under that account's permissions.
Recommendation: Declare the HubSpot credential requirement, required scopes, and least-privilege guidance; require the user to confirm the target portal and token before any API-based changes.