Podpoint

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

If used with a long timeout, the skill may continue polling Pod Point for an extended period during the task.

Why it was flagged

The watch action repeatedly polls an external endpoint until the timeout is reached. This is expected for a charger watcher, but users should know it can keep an invocation running for the requested watch period.

Skill content

async function podpoint_watch({ podId, intervalSeconds = 30, timeoutSeconds = 900 }) ... while (Date.now() - started < timeout * 1000) { ... await sleep(interval * 1000); }

Recommendation

Use reasonable timeout and interval values, and invoke the watch action only when you actually want ongoing monitoring.