Caution

trello

Name: trello Security Scan — CAUTION
Item: trello
Rating: 6

https://clawhub.ai/steipete/trello

Risk Score5

Publishersteipete

TypeOpenClaw SKILL

Transparencyhigh

This skill looks like a simple Trello integration guide. It tells the agent or user how to call Trello's official API using an API key and token, and it does not include hidden scripts, hooks, or persistence mechanisms. That said, it still handles real account credentials and makes outbound network requests, so it deserves a cautious review before use. The behavior shown in the package matches its stated purpose, and there is no concrete evidence of malicious activity.

Package Info

SHA-25678c89c6b9a01…

Size3.0 KB

Permission Map

Everything this skill can access, modify, and communicate with on your system.

Reads from

TRELLO_API_KEY and TRELLO_TOKEN from environment variablesUser-supplied Trello board, list, and card IDs embedded into curl commands

Talks to

Permissions Requested

Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools

Network Calls

https://developer.atlassian.com/cloud/trello/rest/https://trello.com/app-keyhttps://api.trello.com/1/members/me/boardshttps://api.trello.com/1/boards/{boardId}/listshttps://api.trello.com/1/lists/{listId}/cardshttps://api.trello.com/1/cardshttps://api.trello.com/1/cards/{cardId}https://api.trello.com/1/cards/{cardId}/actions/commentshttps://api.trello.com/1/boards/{boardId}/cards

trello

Flagged Behaviors (1)

How This Was Analyzed

Next Steps

About this scan

trello

What does this skill actually do?

What security issues were found?

Flagged Behaviors (1)

How was this scan performed?

How This Was Analyzed

Should you install this skill?

Next Steps