Skill v1.0.2

ClawScan security

hoseo-lms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 8, 2026, 1:07 PM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The code largely matches an LMS scraper/player, but there are important inconsistencies (undeclared Playwright/browser dependency, omitted install steps, and a 'read-only' claim that conflicts with automation that can change server-side state); proceed with caution.
Guidance
This skill mostly does what it says (scrapes course info and automates video playback), but there are practical and security concerns you should weigh before installing:

- Dependency gap: The code uses Playwright (and thus a browser runtime) but the skill metadata only lists python3. You will likely need to pip install the requirements and run 'playwright install' to get browser binaries. Be careful when installing browser binaries on shared machines.
- Credential risk: You must provide your LMS ID/password. The skill stores them in ~/.config/hoseo_lms/credentials.json (plaintext). If you proceed, use a dedicated account or rotate/change your password afterward; ensure the file permissions are set as instructed (chmod 600).
- Read-only claim is misleading: The auto_attend automation performs UI actions (login, clicks, accepts dialogs, plays videos). Even if the code does not explicitly submit attendance, automating playback can cause the LMS to record views/attendance. Do not assume this tool cannot affect your LMS records.
- Audit and test: If you don't fully trust the source, inspect the code (it is included) and test in a safe environment or with a throwaway account first. Confirm the exact behavior on a non-critical account before using real credentials.
- If you decide to install: run pip install -r requirements.txt and then run the Playwright installer (e.g., 'playwright install chromium') as directed by the Playwright docs, and review any network activity. Consider running the scraper-only parts first (no Playwright) to verify scraping behavior.

Given the inconsistencies and potential for unintended server-side effects, only install if you trust the author and accept the credential risk; otherwise treat this as experimental tooling.

Review Dimensions

Purpose & Capability
Concern: Name/description and code mostly align: scraper, summary, and a playback utility are present. However, the skill requires Playwright (browser automation) to function, but the registry metadata only declares python3; requirements.txt references playwright but no install spec is provided. The README and code expect Playwright/Chromium, which is a significant runtime dependency not declared in the skill metadata.
Instruction Scope
Concern: SKILL.md and README instruct creating a plaintext credentials file and running the scraper/auto_attend. The SKILL.md repeatedly states 'read-only' and 'no automatic attendance submission', yet auto_attend.py uses Playwright to log in, click lecture links, accept dialogs, and play videos: actions that can cause server-side state changes (attendance or view logs) even if the code doesn't explicitly POST attendance. The instructions grant the tool direct access to user credentials and browser-driven interactions that go beyond passive read-only scraping.
Install Mechanism
Concern: No formal install spec is provided in the registry. A requirements.txt (playwright>=1.40) is included and the README notes Playwright/Chromium is required, but the skill metadata does not declare this or provide an automated install step. Playwright requires downloading browser binaries (a high-impact install action), which is not surfaced. The absence of an install specification for Python dependencies is an incoherence and a usability/security risk.
Credentials
Note: The only sensitive data requested is the user's LMS credentials (student id and password), stored by default at ~/.config/hoseo_lms/credentials.json. Requesting these credentials is proportionate to logging into the LMS, but storing them in plaintext on disk is sensitive (the skill suggests chmod 600, which helps). No unrelated environment variables or unrelated service credentials are requested.
Persistence & Privilege
OK: The skill does not request always:true and does not require system-wide configuration. It is user-invocable and can be invoked autonomously by the agent (platform default), which is normal. The skill does write a local data.json and credentials file under ~/.config/hoseo_lms, which is expected for this functionality.