Skill v1.1.0
ClawScan security
Tor Browser Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 20, 2026, 3:57 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are coherent with a Tor-enabled headless browser automation tool and do not request unrelated credentials or perform obvious exfiltration, but exercise caution because dark‑web scraping has legal and operational risks.
- Guidance: This skill appears to do what it says: automated browsing through a local Tor SOCKS5 proxy using Playwright. Before installing, ensure you: (1) understand and comply with laws and terms of service for sites you access (dark‑web scraping can carry legal risk); (2) run Tor in an isolated environment or VM and avoid running the tool as root; (3) verify Playwright and Tor are installed from official sources; (4) be aware the tool will run arbitrary page interactions you issue (don’t paste secrets into pages you automate); and (5) review the full script in your environment if you need higher assurance (the code is straightforward but I only reviewed the visible portions). If you require the agent to run this autonomously, consider restricting when and what it may browse to limit accidental misuse.
Review Dimensions
- Purpose & Capability: ok. Name/description (Tor headless browser automation) matches the included Python CLI and SKILL.md which require Playwright and a local Tor SOCKS5 proxy. No unrelated services, credentials, or binaries are requested.
- Instruction Scope: ok. SKILL.md instructs installing Tor/Playwright, running the provided CLI and Python API, and references only Tor, Playwright, and local system paths (e.g., /etc/tor/torrc, journalctl). It does not instruct the agent to read unrelated system files or transmit data to unknown external endpoints.
- Install Mechanism: ok. This is an instruction-only skill with an included Python script; installation steps are standard package installs (apt/brew, pip, playwright install). No downloads from untrusted hosts or archive extraction are present in the metadata or files.
- Credentials: ok. The skill declares no required environment variables or credentials. The code uses a local Tor proxy by default (socks5://127.0.0.1:9050) and does not request unrelated secrets or external API keys.
- Persistence & Privilege: ok. The skill is not always-enabled and does not declare elevated privileges or attempt to alter other skills or system-wide agent settings. Model invocation is allowed (the platform default) which is expected for a user-invocable automation skill.
