v1.0.3

Web Design Lead Qualifier

Verdict: Suspicious. ClawScan verdict for this skill. Analyzed Apr 30, 2026, 12:53 PM.

Analysis

The skill is mostly aligned with lead research, but it asks to install and run local browser/Python tooling outside the declared install process and has an unexplained purchase-related capability signal.

Guidance: Before installing, make sure you are comfortable with it creating a local reports directory, copying and running a Python helper, and optionally installing Playwright plus Chromium. Use a virtual environment if possible, choose a private reports path, avoid granting purchase-related authority, and treat the Professional Edition messaging as advertising.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
mkdir -p <chosen-directory>/reports/qualifications
...
python3 <reports-directory>/fetch_site.py <url>

The skill's instructions have the agent run shell commands that embed a user-chosen directory and a user-supplied URL, but the command examples show no quoting, escaping, or other argument handling, so a path or URL containing shell metacharacters would be interpreted by the shell rather than passed through as data.

User impact: If a path or URL is handled unsafely by the agent shell, local commands could behave unexpectedly or fail in unsafe ways.
Recommendation: Use a trusted, simple reports path; avoid unusual shell characters in URLs or paths; the publisher should update instructions to quote arguments and prefer non-shell tool invocation.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
pip3 install playwright==1.59.0 && python3 -m playwright install chromium

Although the skill is presented as having no install spec, its runtime setup downloads a Python package from PyPI and a Chromium browser binary, neither of which is declared, pinned by hash, or covered by the marketplace's install review.

User impact: Installing external packages and browser binaries changes the local environment and introduces dependency provenance risk.
Recommendation: Install only after explicit approval, preferably in a virtual environment; the publisher should move dependencies into a formal install spec and document provenance, hashes, and rollback steps.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
scripts/fetch_site.py
browser = p.chromium.launch(headless=True)
page.goto(url, wait_until="domcontentloaded")

The helper launches headless Chromium and loads the target site, which is expected for JS-rendered site analysis but still executes browser-based web content.

User impact: The skill performs active local code/browser execution rather than only reading text instructions.
Recommendation: Run it from a low-privilege environment and keep Playwright/Chromium updated; avoid crawling sites you do not want opened from your machine.
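Beyond running the helper as a low-privilege user, the browser itself can be told what it may contact while rendering a lead's site. The following is an added example written for this review, not the skill's fetch_site.py: it keeps the `launch(headless=True)` / `goto(..., wait_until="domcontentloaded")` calls the scan quotes, but routes every request through an allowlist (the target host and its subdomains only), disables downloads, and closes the browser even when the page load fails. It assumes Playwright is installed as the skill requires; the allowlist decision is a plain function so it can be exercised without a browser.

```python
from urllib.parse import urlsplit


def target_host(url: str) -> str:
    """Hostname of the site under analysis; only http(s) targets are accepted."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"refusing URL: {url!r}")
    return parts.hostname


def allowed(request_url: str, host: str) -> bool:
    """Decide whether the browser may issue a request while rendering `host`.

    Same-site http(s) requests (the host and its subdomains) go through;
    third-party scripts and trackers, and any non-http(s) scheme, are blocked.
    """
    u = urlsplit(request_url)
    if u.scheme not in ("http", "https") or not u.hostname:
        return False
    return u.hostname == host or u.hostname.endswith("." + host)


def fetch_rendered(url: str, timeout_ms: int = 15_000) -> str:
    """Load `url` in headless Chromium and return the rendered HTML.

    Playwright is imported here rather than at module level so the decision
    logic above stays usable (and testable) without it installed.
    """
    from playwright.sync_api import sync_playwright  # assumed installed, as the skill requires

    host = target_host(url)
    with sync_playwright() as p:
        browser = p.chromium.launch(headless=True)
        # No file downloads: the analysis only needs the DOM.
        context = browser.new_context(accept_downloads=False)
        page = context.new_page()

        def gate(route):
            if allowed(route.request.url, host):
                route.continue_()
            else:
                route.abort()

        page.route("**/*", gate)
        try:
            page.goto(url, wait_until="domcontentloaded", timeout=timeout_ms)
            return page.content()
        finally:
            browser.close()
```

The allowlist reduces how much third-party content a lead's site can pull into the local browser, but it does not change what the browser process itself is allowed to do on the machine; that still depends on the user and sandbox the helper runs under.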
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Track this lead — WebClient Studio Professional Edition adds pipeline tracking, proposal generation, and client onboarding. Search **webclient-studio** by **99rebels** on Agensi.io.

The report template includes a built-in promotion for a Professional Edition, which is not necessary for the qualification report itself.

User impact: Reports may include marketing language that could influence the user's next action.
Recommendation: Treat the Professional Edition text as an advertisement and remove it from reports if it is not wanted.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
capability signals
- can-make-purchases

A purchase-related capability is signaled even though the skill's stated purpose is researching websites and writing lead qualification reports.

User impact: The skill may be associated with authority that is broader than needed for lead research.
Recommendation: Do not grant purchase authority to this skill unless the publisher clearly explains why it is needed and how purchases require explicit user approval.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Save to `<reports-directory>/reports/qualifications/<company-slug>-<YYYY-MM-DD>.md`

The skill stores qualification reports persistently in a local reports directory.

User impact: Lead research, company notes, and generated recommendations may remain on disk across sessions.
Recommendation: Choose a private reports directory, review stored reports before sharing, and delete reports that should not persist.
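The report filename `<company-slug>-<YYYY-MM-DD>.md` is built from researched company data, so the slug is the one piece of untrusted input that reaches a path. The following is an added example written for this review, not the skill's own code: it folds the company name to an ASCII slug (which removes separators and `..` before they can influence the path), checks that the result still resolves inside the qualifications directory, and creates the directory and file readable only by the current user, which is what "a private reports directory" means on a shared machine. The `/tmp/clawscan-example` path in the usage is a placeholder.

```python
import os
import re
import stat
import unicodedata
from datetime import date
from pathlib import Path


def company_slug(name: str) -> str:
    """Reduce the company name to [a-z0-9-].

    This is the only part of the report filename derived from untrusted
    research data, so separators, '..' and non-ASCII are all folded away
    before it touches a path.
    """
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    slug = re.sub(r"[^a-z0-9]+", "-", ascii_name.lower()).strip("-")
    if not slug:
        raise ValueError("company name yields an empty slug")
    return slug[:64]


def report_path(reports_dir: str, company: str, day: str) -> Path:
    """<reports-directory>/reports/qualifications/<company-slug>-<YYYY-MM-DD>.md,
    checked to resolve inside the qualifications directory."""
    date.fromisoformat(day)  # enforces the YYYY-MM-DD shape the skill specifies
    base = (Path(reports_dir).expanduser() / "reports" / "qualifications").resolve()
    path = (base / f"{company_slug(company)}-{day}.md").resolve()
    if path.parent != base:
        raise ValueError("report path escaped the qualifications directory")
    return path


def write_private_report(reports_dir: str, company: str, body: str, day: str = "") -> Path:
    """Write the report so only the current user can read it (0700 dir, 0600 file)."""
    path = report_path(reports_dir, company, day or date.today().isoformat())
    path.parent.mkdir(parents=True, exist_ok=True, mode=0o700)
    os.chmod(path.parent, 0o700)  # tighten a directory that already existed
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(body)
    os.chmod(path, 0o600)  # umask-independent, even for a pre-existing file
    return path


def file_mode(path: Path) -> int:
    """Permission bits of a report or directory (e.g. 0o600)."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Placeholder directory and constructed report body.
    written = write_private_report("/tmp/clawscan-example", "Acme Web Co.", "# Acme Web Co.\n", "2026-04-30")
    print(written, oct(file_mode(written)))
```

Deleting a report that should not persist is then an ordinary `unlink`; the permission bits matter in the meantime, because a 0644 file under a shared home directory is readable by every local account for as long as it exists.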