Skill v0.0.2
ClawScan security
webpage-reader-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 8:13 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to do what it says (use a headless Chrome to download and summarize webpages); it has no hidden endpoints or secret access requests, though it will attempt to call system package managers to install Chrome and has minor implementation bugs you should be aware of.
- Guidance: This skill appears coherent with its description, but check these points before installing:
  - The skill will execute Google Chrome headless to fetch arbitrary URLs you supply — that means the host will make outbound network requests to those sites.
  - If Chrome is missing the skill may run package-manager commands (apt-get/dnf/brew) which can require sudo and may prompt the user; consider installing Chrome yourself beforehand to avoid unintended privilege elevation attempts.
  - There are minor implementation bugs (macOS detection and Linux distro detection) that may prevent automatic installation — no evidence of malicious behavior, just brittle code.
  - Logs are written to console; the downloaded HTML is read into memory and returned by the skill. If you plan to process sensitive URLs/content, review the code and consider running the skill in a sandboxed environment.

  If you want higher assurance, run a quick code review or test in an isolated environment (VM/container) and ensure Chrome is pre-installed so the skill won't attempt package installs.
Review Dimensions
- Purpose & Capability (ok): Name/description match the delivered code and instructions: the skill uses Chrome headless to fetch HTML, summarize it, and uses temporary files. No unrelated credentials, binaries, or services are requested.
- Instruction Scope (note): SKILL.md and the code instruct the agent to check for Chrome and attempt installation if missing; the runtime does exactly that. Minor mismatches/bugs exist (e.g., macOS chrome detection uses 'which chrome' and Linux distro detection relies on platform.dist(), which is removed in modern Python), so automatic installation may fail on some systems. The instructions ask the agent to run package-manager commands (apt/dnf/brew) which is within scope but requires elevated privileges when invoked.
- Install Mechanism (note): There is no install spec in the registry (instruction-only), which is low-risk. At runtime the code may call system package managers (apt-get, dnf, brew) via subprocess to install Chrome; these calls are local and standard but require sudo/privilege and could prompt the user. No downloads from untrusted URLs or archive extraction are present in the repository.
- Credentials (ok): The skill requests no environment variables or external credentials. It inspects a few OS environment paths (PROGRAMFILES, LOCALAPPDATA) only to detect Chrome on Windows, which is reasonable for its purpose.
- Persistence & Privilege (ok): always is false and the skill does not modify other skills or system-wide agent settings. It uses temporary directories for files and cleans up via tempfile.TemporaryDirectory.
