Skill v1.0.0
ClawScan security
wechat-article-extraction-mp-weixin-qq-com news-webpage-cleaning blog-post-parsing metadata-extraction-title-author-date multiple-output-formats-markdown-json-plain-text batch-processing-support · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review, Mar 15, 2026, 5:37 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (web/article extraction), but provenance and installation details are missing and there are inconsistencies (declared dependencies and a 'browser' engine are not backed by any install or required binaries), so proceed with caution.
- Guidance: The skill appears to do what it says, but provenance and implementation details are missing. Before installing or using it: 1) Ask the publisher for the source repository or a definitive install/run plan (how are the listed dependencies and the 'browser' engine provided?). 2) Verify where the code would execute (your machine, OpenClaw-hosted runner, third-party server) and whether extracted content will be transmitted off-site. 3) Confirm the runtime has a headless browser if you expect JS-rendered pages to work. 4) Test with non-sensitive URLs first and avoid sending private pages or secrets through proxy parameters until you trust the implementation. If the publisher cannot provide a code repo or clear install/run instructions, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (note): Name/description and the SKILL.md align: it is a web content extractor for WeChat/news/blogs and lists reasonable features (Readability-like extraction, metadata, multi-format output, batch support). Declared dependencies (readability, firecrawl, defuddle) are plausible for this purpose. However, the skill advertises a 'browser' engine (for JS-rendered pages) but does not declare any binaries (headless browser, chrome, puppeteer) or an install spec. An implementation that supports a browser engine would normally require those, so this is an unexplained gap.
- Instruction Scope (ok): SKILL.md contains concrete runtime instructions/examples limited to fetching and extracting public web content. It explicitly excludes login/paywalled/captcha-protected content and states to respect robots.txt. It does not instruct reading unrelated files or environment variables, nor sending data to unexpected external endpoints. The skill allows user-supplied proxy and user-agent configuration, which is reasonable for a fetcher but gives the caller control over network routing.
- Install Mechanism (concern): This is an instruction-only skill with no install spec and no code files, but SKILL.md lists NPM-like dependencies and describes multiple engines including a browser engine. There is no guidance on where those packages come from, no URLs or package manager instructions, and no declared required binaries (e.g., headless chrome). That inconsistency means it is unclear how or where the declared functionality would be satisfied; a consumer should ask for implementation/install details before trusting it.
- Credentials (ok): The skill requires no environment variables or credentials and does not request access to system config paths. It exposes parameters for proxy and user-agent; those are user-supplied options and not implicit requests for secrets. This is proportionate to the stated functionality. Note: using a proxy or remote execution environment could expose extracted content to third parties if misconfigured by the user.
- Persistence & Privilege (ok): Skill flags show no elevated privileges: always is false, the absence of an install spec means no persistent binaries are created, and the skill does not ask to modify other skills or system-wide settings. Autonomous model invocation is enabled (platform default); combined with the other issues this increases impact but is not itself a misconfiguration.
