claude-connect

Overall, the skill description is purpose-aligned and coherent for a Claude-Clawdbot OAuth sync tool. The main concerns are token exposure due to multiple storage points, the reliance on macOS-specific tooling, and the need for securely handling optional notification credentials. It is suspiciously practical and potentially risky if not properly secured, but not inherently malicious based on the provided description. Recommend tightening secret handling (e.g., limiting JSON exposure, scoped Keychain access, encrypted storage for token caching), clarifying required credentials (bot token handling), and ensuring robust TLS validation and error handling in the refresh flow.