Skillv1.0.0

ClawScan security

browser-session-curator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 12, 2026, 7:27 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally coherent: it only needs python3, uses an auditable local script and resource file, and its declared behavior matches the files and runtime instructions.
Guidance: This skill appears safe and coherent, but exercise normal caution: review the bundled script before running (it's short and local), and only provide tab dumps/JSON that don't include sensitive tokens, session cookies, or private content you don't want processed. The script uses simple title keyword heuristics and won’t contact the network—test it on a small sample first and confirm outputs before taking bulk or destructive actions.

Purpose & Capability: okName/description (curating tabs into digest/tasks/archive) match the included files and declared requirements. Requiring only python3 is proportional to the stated purpose; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope: okSKILL.md instructs the agent to ask for tab lists and optional parameters, use the local script and resource file, and prefer preview/simulation before destructive actions. It does not direct reading of unrelated system files, nor transmission to external endpoints.
Install Mechanism: okNo install spec is provided (instruction-only plus a bundled local script). That is the lowest-risk model; the included script is small, plain-text, and local.
Credentials: okNo environment variables, credentials, or special config paths are requested. The skill's I/O is explicit (it reads a user-supplied JSON file and writes a digest), which is appropriate for its function.
Persistence & Privilege: okalways is false and the skill does not request persistent system privileges or modify other skills. It does not assert any background or autonomous persistence beyond normal agent invocation.