Trust Assessment
clawconnect received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill grants broad access to sensitive user accounts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants broad access to sensitive user accounts The 'clawconnect' skill provides extensive read and write access to multiple sensitive user accounts including Twitter, Gmail, Calendar, and Slack. This broad access, while central to the skill's purpose as a 'universal connector', significantly increases the risk of data exfiltration, unauthorized communication, or account manipulation if the AI agent is compromised or misused. Endpoints like 'POST /api/v1/twitter/tweet', 'POST /api/v1/gmail/send', and 'GET /api/v1/gmail/messages' demonstrate the ability to perform high-impact actions and access sensitive personal data. Implement strict access controls and user consent mechanisms for AI agents using this skill. Require explicit user confirmation for all sensitive write operations (e.g., sending emails, posting tweets, sending Slack messages) and for accessing highly sensitive read data (e.g., email content, private messages). Ensure robust prompt engineering to prevent prompt injection attacks that could lead to unauthorized use of these powerful capabilities. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/3b15d2af6af66f3c)
Powered by SkillShield