Skill v1.0.0
ClawScan security
My Browser Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 2:16 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, manifest, and instructions are coherent with its stated purpose (automating browsing with Playwright); it requests no unrelated credentials and its filesystem/network actions match its description.
- Guidance: This skill appears to do what it says: load pages with Playwright, return titles, and save screenshots to /tmp/screenshot.png. Before installing, be aware that:
  - npm install will download Playwright and browser binaries (large downloads and install scripts).
  - The skill will load arbitrary URLs you provide; those pages can run arbitrary JS inside the browser context. Avoid visiting untrusted or attacker-controlled URLs, or restrict inputs.
  - Screenshots are written to /tmp; the skill does not read other files or require secrets.

  If you want stricter safety, only allow the skill to run for trusted inputs, or disable autonomous invocation so it runs only when you explicitly call it.
Review Dimensions
- Purpose & Capability (ok): Name/description, skill.json permissions, SKILL.md, and index.js align: the code uses Playwright to visit a URL, return the page title, and optionally take a screenshot. package.json lists playwright as a dependency, which is expected for a Playwright-based skill.
- Instruction Scope (note): SKILL.md is minimal but consistent with the implementation. The README does not mention that screenshots are written to /tmp/screenshot.png or warn that visiting arbitrary URLs runs remote page JS; those are expected behaviors, but the documentation could be clearer about filesystem writes and the security implications of loading untrusted pages.
- Install Mechanism (note): There is no explicit install spec (instruction-only), but package.json/package-lock.json include 'playwright' from the public npm registry (registry.npmjs.org). Installing will pull Playwright and its browser binaries (and may run package install scripts). This is a standard source but has heavier install side effects (large browser downloads) than a pure-JS library.
- Credentials (ok): The skill declares no required environment variables or external credentials. skill.json grants network and filesystem permissions, which are proportional to browsing and saving screenshots. No unrelated secrets or config paths are requested.
- Persistence & Privilege (note): always is false and the skill is user-invocable (normal). The skill can be invoked autonomously (disable-model-invocation: false), which is standard for skills; because it has network and filesystem access, allow autonomous invocation only if you trust the agent's triggers and inputs.
