Skill v2.0.0

ClawScan security

X News Daily · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 4:06 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's purpose (fetch X.com top-10 and produce screenshots) is plausible, but the runtime instructions require platform-specific binaries/commands (Chrome, macOS screencapture) and file I/O while the skill metadata declares no required binaries, no OS restriction, and no credentials — those mismatches are concerning.
Guidance
Before installing, note these mismatches and ask the skill author to clarify:
(1) Which binaries and OS are required? The SKILL.md requires Chrome and macOS screencapture but the metadata lists none and no OS restriction — if you run this on Linux/Windows it may fail or behave unpredictably.
(2) How will the agent access X.com (anonymous scraping, API, authenticated requests)? Scraping can hit rate limits or violate terms.
(3) How are translations performed (local model vs external API) and are any credentials needed for sending to IM platforms (Telegram, QQ, WeChat)?
(4) Where are files written and who can read them? The skill writes local HTML and screenshots — those images could accidentally include sensitive screen content.
Recommended actions: request the author to update metadata to declare required binaries and OS, provide explicit instructions for authentication and permissions, and confirm that screenshots are captured safely; only install if you control the host environment (have Chrome and macOS if required) and are comfortable with the skill writing files and executing screenshot commands.

Review Dimensions

Purpose & Capability
concern: The skill claims cross-platform news scraping and image generation but its runtime steps explicitly require Chrome (headless/kiosk) and macOS's screencapture. The registry metadata lists no required binaries and no OS restriction — inconsistent with the documented need for Chrome and macOS utilities. The skill also claims multi-IM delivery without declaring any messaging credentials or explaining how the agent will authenticate to those platforms.
Instruction Scope
concern: SKILL.md instructs the agent to visit X.com, extract top-10 results, save an HTML file, open it locally in Chrome (file://), and take screenshots (including macOS screencapture and kiosk usage). Those are system-level operations: writing files, opening a local browser, and running OS commands. The instructions do not declare where files are written, how to authenticate or respect X.com rate limits, or how to obtain translations (local library vs external API). The explicit macOS-specific step (screencapture) is out-of-scope for a skill with no OS constraint.
Install Mechanism
note: There is no install spec (instruction-only), which minimizes installer risk. However, the instructions depend on external binaries (Chrome, macOS screencapture) that are not declared — an operator will need to ensure these are present. Because no install steps exist, the skill will attempt to rely on host environment binaries, which increases runtime fragility and potential for surprising behavior if binaries are absent or different versions are present.
Credentials
note: The skill declares no required environment variables or credentials, yet it expects to access X.com and to send files to various IM services. If the agent or host environment handles messaging/auth centrally, credentials might not be necessary here — but the SKILL.md should document that dependency. The absence of declared credentials is a mismatch that should be clarified before install.
Persistence & Privilege
ok: The skill does not request always: true and is user-invocable only. It does perform local file writes (HTML and screenshots) at runtime, but it does not claim to modify system-wide settings or other skills. Autonomous invocation is allowed by default and is not by itself a red flag here.