Skill v1.0.2
ClawScan security
Backlog Grooming · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 27, 2026, 5:15 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The instructions claim to groom Google Tasks but do not declare any Google credentials, APIs, or implementation details. The skill relies on an opaque 'workflow_backlog_grooming' plugin and lacks the expected authentication and provenance information.
- Guidance: This skill is missing critical implementation details. Before installing, ask the publisher these questions: (1) What is 'workflow_backlog_grooming'? Is it a platform-provided plugin or third-party code? (2) Which Google account and OAuth scopes will it use to read/write Google Tasks? Provide the exact auth flow or platform-managed credential mechanism. (3) Where do logs/audit records for grooming operations appear, and who can view them? (4) Why is there no homepage, source, or contact info for the owner ID? If you cannot get clear answers, test only with a dummy/non-production Google account, or decline installation. Never grant full Google account credentials; prefer scoped OAuth consent and confirm least-privilege access.
Review Dimensions
- Purpose & Capability: concern. The skill description says it manages Google Tasks, but the manifest declares no Google credentials, no required env vars, and no binaries. A task-management integration normally needs OAuth credentials/scopes or a documented backend; that required access is not present or explained.
- Instruction Scope: concern. Runtime instructions simply tell the agent to execute a native plugin tool named 'workflow_backlog_grooming' with an empty JSON payload and validate the tool's JSON response. The SKILL.md does not document what that plugin is, where it runs, which account it uses, or what data will be read or modified, so the runtime behavior is opaque.
- Install Mechanism: ok. There is no install specification and no code files; the skill is instruction-only, so nothing is written to disk during install. This is the lower-risk install model.
- Credentials: concern. No environment variables, credentials, or config paths are declared despite the skill's stated need to operate on Google Tasks. Either the plugin runs with platform-managed credentials (not disclosed) or the skill omits required auth; both are notable gaps.
- Persistence & Privilege: ok. The skill is not marked always:true and uses default invocation settings. It does not request elevated platform persistence or modify other skills' configuration in the provided instructions.
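The Purpose & Capability, Instruction Scope and Credentials findings above all reduce to one heuristic: a description that claims access to an external service must be backed by declared env vars, credentials or OAuth scopes, and every tool the instructions invoke must be documented. The script below is an added example written for this page, not ClawHub's scanner or the skill's own code. The manifest fields (`env`, `credentials`, `scopes`, `tools`, `install`, `always`, `instructions`) are an assumed, simplified shape, and both manifests are constructed: the first mirrors what this report describes, the second shows what a version that would pass looks like.

```python
"""Heuristic lint behind a 'claims a service but declares no access' verdict.

Added example for this scan page. The manifest shape is hypothetical and the
two sample manifests are constructed, not the real 'Backlog Grooming' skill.
"""
import re

# Service names a description may claim, mapped to tokens we expect to find in
# the declared env vars, credentials or OAuth scopes if that access is real.
SERVICE_EVIDENCE = {
    "google tasks": ("googleapis.com/auth/tasks", "google_", "oauth"),
    "github": ("github",),
    "slack": ("slack",),
}

# Real Google Tasks scopes: full scope grants write; a read-only variant exists.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/tasks": "https://www.googleapis.com/auth/tasks.readonly",
}

# Tool names quoted in runtime instructions, e.g. 'workflow_backlog_grooming'.
TOOL_NAME = re.compile(r"'([A-Za-z_][A-Za-z0-9_]*)'")

# Constructed manifest mirroring what the report above describes.
SUSPICIOUS_MANIFEST = {
    "name": "Backlog Grooming",
    "version": "1.0.2",
    "description": "Groom your Google Tasks backlog automatically.",
    "env": [], "credentials": [], "scopes": [], "tools": {},
    "install": None, "always": False,
    "instructions": "Execute the native plugin tool 'workflow_backlog_grooming' "
                    "with an empty JSON payload and validate the JSON response.",
}

# Constructed manifest showing the declarations the review asks for.
HARDENED_MANIFEST = {
    **SUSPICIOUS_MANIFEST,
    "scopes": ["https://www.googleapis.com/auth/tasks.readonly"],
    "credentials": ["google_oauth"],
    "tools": {"workflow_backlog_grooming": "platform plugin, runs under the user's scoped OAuth grant"},
}


def declared_access(manifest):
    """Flatten every declared access indicator into one lowercase string."""
    fields = ("env", "credentials", "scopes")
    return " ".join(v for f in fields for v in manifest.get(f, [])).lower()


def claimed_services(description):
    """Services the free-text description says the skill talks to."""
    text = description.lower()
    return [svc for svc in SERVICE_EVIDENCE if svc in text]


def lint(manifest):
    """Return (dimension, severity, message) tuples; empty means no concerns."""
    findings = []
    access = declared_access(manifest)
    for svc in claimed_services(manifest.get("description", "")):
        if not any(tok in access for tok in SERVICE_EVIDENCE[svc]):
            findings.append(("Credentials", "concern",
                             f"description claims {svc} access but no env var, "
                             f"credential or OAuth scope for it is declared"))
    documented = set(manifest.get("tools", {}))
    for tool in TOOL_NAME.findall(manifest.get("instructions", "")):
        if tool not in documented:
            findings.append(("Instruction Scope", "concern",
                             f"instructions invoke undocumented tool {tool!r}"))
    for scope in manifest.get("scopes", []):
        if scope in BROAD_SCOPES:
            findings.append(("Credentials", "info",
                             f"{scope} grants write access to all task lists; "
                             f"confirm write is needed, else use {BROAD_SCOPES[scope]}"))
    if manifest.get("install"):
        findings.append(("Install Mechanism", "info", "install spec present: files are written to disk"))
    if manifest.get("always"):
        findings.append(("Persistence & Privilege", "concern", "always:true requests persistent invocation"))
    return findings


def verdict(findings):
    """Any 'concern' finding makes the skill suspicious."""
    return "suspicious" if any(sev == "concern" for _, sev, _ in findings) else "ok"


if __name__ == "__main__":
    for name, m in (("suspicious", SUSPICIOUS_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        found = lint(m)
        print(name, "->", verdict(found))
        for dim, sev, msg in found:
            print(f"  [{sev}] {dim}: {msg}")
```

The check is deliberately keyword-based: it cannot tell a platform-managed credential from a missing one, which is exactly why the guidance above asks the publisher to state the auth mechanism explicitly rather than leaving it to inference.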
