Is trello safe?

https://clawhub.ai/skill/trello

82
SAFE

This is a documentation-only Trello API skill that provides curl command templates for managing boards, lists, and cards. It contains no executable code, no install hooks, and no prompt injection attempts. The primary risk is the broad credential scope (full Trello account access via API token) and the use of URL query parameters for credential transmission, which is standard for the Trello API but increases logging exposure.

Category Scores (score · weight)

Prompt Injection 90/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 65/100 · 5%

Findings (5)

MEDIUM API credentials passed as URL query parameters -15

All curl examples pass TRELLO_API_KEY and TRELLO_TOKEN as URL query parameters rather than in request headers. URL query parameters are more likely to be logged in shell history, web server access logs, proxy logs, and browser history. While this follows Trello's own API documentation pattern, it increases credential exposure risk.

LOW Full Trello account access via API token -15

The skill requires a Trello API token that provides full read/write access to the user's entire Trello account. The skill's own documentation notes: 'The API key and token provide full access to your Trello account - keep them secret!' While this is necessary for the skill's functionality, it represents a broad permission scope.

LOW Credential exposure to co-installed skills -20

Environment variables TRELLO_API_KEY and TRELLO_TOKEN would be accessible to any other skill or process running in the same agent environment. A malicious co-installed skill could read and exfiltrate these credentials without this skill's knowledge.

INFO No prompt injection vectors detected -10

The SKILL.md contains straightforward API documentation with curl examples. No hidden instructions, persona overrides, or manipulation attempts were found. The frontmatter metadata is minimal and appropriate.

INFO Clean installation with expected network activity only -15

Installation produced only expected artifacts: ClawHub registry connection for download, jiti cache files from the CLI, and standard system-level network traffic (mDNS, DNS, CUPS). No skill-initiated network connections or unexpected filesystem modifications were observed.