Identitygram Signin
PassAudited by ClawScan on May 10, 2026.
Overview
This is a straightforward IdentityGram sign-in wrapper, but it handles passwords and returns authentication tokens, so users should only use it if they trust the endpoint and publisher.
Before installing or using this skill, confirm that you really intend to send your IdentityGram email and password to https://gateway-v2.identitygram.co.uk/auth/signin. Because the response may include access and refresh tokens, treat the output as sensitive and do not paste it into unrelated chats or tools.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent will receive credentials and/or tokens that could allow access to the user's IdentityGram account.
The skill directly accepts IdentityGram login credentials and returns authentication tokens, including a possible refresh token. This is purpose-aligned for a sign-in skill, but it is sensitive account authority.
body:
email: "{{email}}"
password: "{{password}}"
...
accessToken: "$.accessToken"
refreshToken: "$.refreshToken"Use only when you intentionally want to sign in to IdentityGram, verify the destination domain, and avoid sharing the returned tokens in chats or logs.
It may be harder to confirm who published or maintains the skill before trusting it with a password.
The packaged _meta owner ID differs from the registry metadata owner ID shown for the skill, while the registry also lists the source as unknown and no homepage. This is a provenance gap, especially relevant because the skill handles login credentials.
"ownerId": "kn70j4ejnwqjpykvwwvgymmdcd8055qp"
Verify that the publisher and IdentityGram endpoint are legitimate before entering credentials.