Skill v0.1.0

ClawScan security

Kan.bn TODO API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 11, 2026, 12:39 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (a CLI wrapper for a personal Kan.bn TODO API) but the package metadata omits the credentials it actually needs and the runtime reads ~/.bashrc for exported variables — this mismatch and file access merit caution before installing.
Guidance
This skill appears to implement a legitimate single-user Kan.bn TODO client, but note two things before installing: (1) the registry metadata does not declare the credentials the skill expects — SKILL.md and the script expect KANBN_TOKEN or KANBN_API_KEY — so be prepared to provide those when using the skill; (2) the included script will try to read ~/.bashrc exports as a fallback to discover those credentials, which is convenient but can expose other stored values if your shell RC contains secrets. Recommended actions: inspect the script yourself (it is included) to confirm no unexpected behavior, avoid putting unrelated secrets in ~/.bashrc, consider creating a scoped/ephemeral Kan.bn API key for this skill, test with the self-test command first (no network access), and only supply credentials when you trust the skill source. If you cannot verify the publisher or prefer not to share credentials, do not enable the skill.

Review Dimensions

Purpose & Capability
Rating: concern
Name/description align with a single-user Kan.bn TODO client and the included script implements appropriate API calls. However, the registry metadata declares no required credentials while the SKILL.md and script clearly require either KANBN_TOKEN or KANBN_API_KEY for operation. That mismatch is unexplained and inconsistent.
Instruction Scope
Rating: note
Runtime instructions stay focused on single-user TODO workflows and encourage minimal discovery before mutation. They also instruct the agent to use the provided script, which itself attempts to read ~/.bashrc exports as a fallback for auth. Reading ~/.bashrc is limited to extracting the three Kan.bn-related names, but any file read of a user's shell rc is a privacy surface worth flagging.
Install Mechanism
Rating: ok
No install spec is present (instruction-only skill with an included script). Nothing is downloaded during install; risk from the install mechanism is low. The script will be executed if the agent runs it, and it performs network calls to the Kan.bn API.
Credentials
Rating: concern
The script requires a Kan.bn bearer token or API key (KANBN_TOKEN or KANBN_API_KEY) and optionally KANBN_BASE_URL; these are proportionate to the task. But the skill registry did not declare these required env vars or a primary credential, creating an inconsistency that could surprise users. The script's fallback to parse ~/.bashrc to find these values increases the chance of inadvertently exposing secrets stored there.
Persistence & Privilege
Rating: ok
The skill is not forced into every agent run (always: false), is user-invocable, and does not request elevated or system-wide privileges. It does not attempt to modify other skills or global agent settings.