Skill v1.0.11
ClawScan security
adspower-browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 6:18 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and runtime instructions are consistent with an AdsPower CLI integration, but it relies on an external npm package (no registry install spec or homepage provided) and exposes high-power browser automation commands that you should only grant to trusted code and credentials.
- Guidance: This skill appears to do what it says (manage AdsPower profiles and run browser automation), but before installing or granting access you should: 1) Verify the npm package (adspower-browser) publisher and source — there is no homepage/source URL in the registry metadata here. 2) Inspect the npm package code (or prefer npx to avoid global install) and check downloads/maintainer reputation. 3) Only provide ADS_API_KEY or run the CLI on machines/accounts you trust — the tool can read cookies, profile data, and execute arbitrary JS in automated pages (which could leak data). 4) If you need to limit blast radius, run the CLI in an isolated environment (VM/container) and use a dedicated AdsPower account with limited data. 5) If you want higher assurance, ask the skill author for the package repository/homepage or a signed release before installing.
Review Dimensions
- Purpose & Capability (ok): The name/description match the instructions: the SKILL.md documents the adspower-browser CLI and a comprehensive set of AdsPower operations (open/close/create/update/delete profiles, groups, proxies, kernel downloads, automation via ws). The declared registry metadata shows no conflicting requirements (no unrelated env vars or binaries).
- Instruction Scope (note): Instructions stay within AdsPower management and automation scope. They explicitly tell the user/agent how to start the CLI, pass an API key/ADS_API_KEY, and use commands that can read profile cookies, user-agent, fingerprints, download kernels, and attach Playwright-like automation (evaluate-script, get-page-html/text, screenshot). Those automation capabilities are expected for this tool but are powerful — they allow reading page content and running JS in pages, which could be used to exfiltrate data if misused.
- Install Mechanism (note): The skill is instruction-only (no install spec), but SKILL.md tells users to install the tool via 'npm install -g adspower-browser' or run with npx. That means runtime code comes from the public npm package; installing/running that package will execute external code not reviewed here. Additionally, the skill metadata provides no homepage or source URL, reducing ability to audit the referenced npm package.
- Credentials (ok): The skill itself does not declare required environment variables. The documentation correctly references ADS_API_KEY and optional --api-key/--port flags for contacting the local AdsPower API; those are proportional to the stated functionality. No unrelated credentials or config paths are requested by the skill files.
- Persistence & Privilege (ok): The skill does not request always:true or any special system-wide persistence. It allows autonomous invocation (platform default), which is normal — combined with the tool's high-capability commands this increases impact but is standard for integration skills.
