Low Risk — Risk Score 15/100
Last scan: 18 hr ago
privacy-solution-scorecard
Evaluate and compare privacy solution vendors with a weighted scorecard across 12 criteria
A documentation-only privacy vendor scorecard skill that makes declared curl-based API calls to portal.toolweb.in using an environment variable API key.
Skill Name: privacy-solution-scorecard
Duration: 29.4s
Engine: pi
Safe to install
Approve for use. The skill is purely declarative (SKILL.md + README.md only) with no executable scripts. Network access and the TOOLWEB_API_KEY environment variable are declared in SKILL.md. No hidden functionality, credential exfiltration, or suspicious patterns detected.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No filesystem access detected |
| Network | READ | READ | ✓ Aligned | SKILL.md:45 - POST to portal.toolweb.in/apis/compliance/privacy-scorecard via cu… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:47 - curl command uses -X POST flags; limited to API calls only, no arb… |
| Environment | READ | READ | ✓ Aligned | SKILL.md:12 - reads TOOLWEB_API_KEY for API authentication only |
| Skill Invoke | NONE | NONE | | No cross-skill invocation detected |
| Clipboard | NONE | NONE | | No clipboard access detected |
| Browser | NONE | NONE | | No browser access detected |
| Database | NONE | NONE | | No database access detected |
7 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://toolweb.in | README.md:60 |
| Medium | External URL | https://portal.toolweb.in | SKILL.md:5 |
| Medium | External URL | https://portal.toolweb.in/apis/compliance/privacy-scorecard | SKILL.md:45 |
| Medium | External URL | https://hub.toolweb.in | SKILL.md:218 |
| Medium | External URL | https://toolweb.in/openclaw/ | SKILL.md:219 |
| Medium | External URL | https://rapidapi.com/user/mkrishna477 | SKILL.md:220 |
| Medium | External URL | https://youtube.com/@toolweb-009 | SKILL.md:221 |

File Tree

2 files · 10.7 KB · 297 lines
Markdown 2f · 297L
├─ 📝 README.md Markdown 60L · 1.4 KB
└─ 📝 SKILL.md Markdown 237L · 9.3 KB

Security Positives

✓ No executable scripts or code files present — purely declarative SKILL.md
✓ Network access (curl to portal.toolweb.in) is explicitly declared in metadata
✓ TOOLWEB_API_KEY environment variable access is declared and scoped to authentication only
✓ curl binary requirement declared in metadata
✓ No credential harvesting or exfiltration patterns detected
✓ No base64 encoding, obfuscation, or anti-analysis techniques
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No supply chain risk (no dependencies, package files, or pinned versions)
✓ No persistence mechanisms (no cron, startup hooks, or backdoor installation)
✓ No prompt injection or hidden instructions detected
✓ No remote script execution (curl|bash, wget|sh)
✓ External data transfer is limited to the declared API call and is necessary for the stated function