Is trello safe?
https://clawhub.ai/steipete/trello
This is a documentation-only Trello API integration skill with no executable code, no install hooks, and no malicious behavior detected. The only notable concern is that API credentials are passed as URL query parameters (the standard Trello API pattern), which leaks them into shell history, process listings and request logs whenever an agent runs the documented commands. The skill performed a clean install with no network activity or filesystem side effects.
Findings (6)
MEDIUM API credentials passed as URL query parameters -25
All curl examples pass TRELLO_API_KEY and TRELLO_TOKEN as key= and token= query parameters in the request URL. When an LLM agent executes these commands, the credentials end up in shell history, in process listings (ps, /proc/<pid>/cmdline) for the duration of the request, in the agent's own tool-call transcript, and potentially in proxy or server access logs, since query strings are routinely logged where headers and bodies are not. This is the standard Trello API pattern but represents a credential exposure risk in the agent context.
LOW Full Trello account access via token -10
The skill notes that 'The API key and token provide full access to your Trello account.' An agent with this skill active could read all boards, lists, and cards, and create/modify/archive cards. While this is the intended functionality, it grants broad access scope; the skill does not mention that a Trello token's scope (read, write, account) and expiration are fixed when it is generated, so a read-only or short-lived token would narrow what a misbehaving agent can do.
LOW Agent could perform destructive Trello operations -15
The skill teaches the agent to archive cards and modify board state. A confused or prompt-injected agent (for example, one that reads attacker-controlled text in a card description and follows instructions embedded in it) could archive cards or move them to the wrong list. No confirmation step, dry-run mode, or other safety mechanism is documented for these write operations.
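The following is an added example written for this report; it is not code from the scan tool or from the skill. It implements the static check behind the two findings above (credentials in query strings, and destructive operations that should be gated): it pulls the curl commands out of a SKILL.md-style document, reports which credential parameters each URL leaks, produces a redacted URL that is safe to log, and classifies each call as read, write or destructive so a harness can require confirmation before running the last category. The SKILL.md snippet embedded below is constructed for the demo; the endpoints and the key/token/closed parameters match Trello's public REST API, but the LIST_ID and CARD_ID placeholders and the exact command lines are assumptions.

```python
"""Static audit of curl examples in a skill file: flags Trello credentials passed
as URL query parameters and classifies each call so destructive ones (archiving)
can be gated behind a confirmation step.  Added example; the SKILL.md text below
is constructed for this demo and is not the real skill file."""
import re
import shlex
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Trello authenticates with these two query parameters; treat their values as secrets.
SECRET_PARAMS = ("key", "token")

# Constructed sample in the style of a Trello SKILL.md (hypothetical, not the real file).
SAMPLE_SKILL_MD = """
List boards:

    curl "https://api.trello.com/1/members/me/boards?key=$TRELLO_API_KEY&token=$TRELLO_TOKEN"

Create a card:

    curl -X POST "https://api.trello.com/1/cards?idList=LIST_ID&name=Task&key=$TRELLO_API_KEY&token=$TRELLO_TOKEN"

Archive a card:

    curl -X PUT "https://api.trello.com/1/cards/CARD_ID?closed=true&key=$TRELLO_API_KEY&token=$TRELLO_TOKEN"
"""

CURL_LINE = re.compile(r"^[ \t]*curl\s.*$", re.MULTILINE)


def parse_curl(line):
    """Extract (HTTP method, URL) from one curl command line.  Method defaults to
    GET, or to POST when a --data option is present without an explicit -X."""
    args = shlex.split(line)[1:]  # drop the leading 'curl'
    method, url, has_data = None, None, False
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-X", "--request"):
            method = args[i + 1].upper()
            i += 2
        elif arg in ("-d", "--data", "--data-raw", "--data-urlencode"):
            has_data = True
            i += 2
        elif arg in ("-H", "--header", "-u", "--user", "-o", "--output"):
            i += 2  # option that takes a value we do not need
        else:
            if arg.startswith(("http://", "https://")):
                url = arg
            i += 1
    if method is None:
        method = "POST" if has_data else "GET"
    return method, url


def secret_query_params(url):
    """Names of credential parameters that appear in the URL's query string."""
    return [k for k, _ in parse_qsl(urlsplit(url).query) if k in SECRET_PARAMS]


def redact_url(url):
    """Replace credential values with REDACTED so the URL is safe to log or echo."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v) for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def classify(method, url):
    """Return read / write / destructive.  Trello archives a card, list or board by
    setting closed=true, so a PUT or POST carrying that flag counts as destructive
    alongside any DELETE."""
    if method == "DELETE":
        return "destructive"
    query = dict(parse_qsl(urlsplit(url).query))
    if method in ("PUT", "POST"):
        return "destructive" if query.get("closed", "").lower() == "true" else "write"
    return "read"


def audit_skill(markdown):
    """One finding per curl command: method, raw and redacted URL, leaked parameter
    names, and the read/write/destructive class."""
    findings = []
    for match in CURL_LINE.finditer(markdown):
        method, url = parse_curl(match.group(0))
        if url is None:
            continue
        findings.append({
            "method": method,
            "url": url,
            "redacted_url": redact_url(url),
            "secret_params": secret_query_params(url),
            "class": classify(method, url),
        })
    return findings


if __name__ == "__main__":
    for f in audit_skill(SAMPLE_SKILL_MD):
        gate = "  <-- require explicit confirmation" if f["class"] == "destructive" else ""
        print(f"{f['class']:<12} {f['method']:<6} {f['redacted_url']}  leaks={f['secret_params']}{gate}")
```

Running the file prints one line per command with the credentials already redacted, which is also the form an agent harness should use when it echoes tool calls into its transcript; the `class` field is what a confirmation gate would key on before letting the agent execute an archive or delete.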
INFO Skill is purely documentation with no executable code -5
The entire skill consists of a single SKILL.md file with curl examples and metadata files. There are no scripts, no install hooks, and no code that executes autonomously. All actions require the agent to explicitly run curl commands.
INFO Clean markdown with no hidden content -10
SKILL.md contains straightforward API documentation. No HTML comments, invisible unicode characters, base64-encoded content, or obfuscated instructions were found.
INFO Clean install with no side effects -5
Installation produced no network activity, no process spawning, and no filesystem changes outside the skill directory. All monitored filesystem events are standard OS-level library/config reads during the git clone process.