Skill v2.1.3

ClawScan security

Tmp.SpQgKzelJa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 6:15 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's description and runtime instructions promise many assets and integrations (MCP servers, 55 templates, reference dirs, slash-command hooks) but the package is instruction-only with no code, no install, and no declared endpoints — this mismatch is unexplained and worth clarification before use.

Guidance
This skill is instruction-only but claims many assets and hosted components that are not included. Before installing or supplying any credentials:
1) Ask the publisher where the claimed MCP servers, templates, and reference files are hosted and how the slash-commands are wired — request URLs, repository links, or an install artifact.
2) Do not provide TestRail or BrowserStack credentials until you verify the integration endpoints and trust the service.
3) If you let the agent run scaffold/generation commands, review generated files before committing them and run tests in an isolated environment (avoid exposing CI secrets).
4) If the publisher cannot provide the missing code or a clear architecture, treat this package as incomplete/untrusted; prefer a skill that either bundles the templates or documents precise external endpoints and install steps.

Review Dimensions

Purpose & Capability
concern: The SKILL.md claims extensive functionality (two MCP TypeScript servers, 55 templates, 3 agents, reference/ and templates/ directories, and Claude Code slash-commands). The published package contains only SKILL.md (no code, no servers, no templates, no install spec). That mismatch means the skill is promising external resources or generated assets that are not present in the bundle; it's unclear how those capabilities are actually provided.
Instruction Scope
concern: Instructions instruct the agent to scaffold configs, generate and modify test files, run local commands (e.g., npx playwright test), and sync/run on external services. They reference local directories (reference/, templates/) and runtime behavior (auto-apply fixes) that do not exist in the package. While the actions themselves are aligned with Playwright tasks, the instructions presume access to project files and optional external services; the skill does not document where its claimed server-side components live or how slash-commands are wired, leaving an operational gap.
Install Mechanism
ok: No install spec and no code files are included; that minimizes direct installation risk (nothing is downloaded or written by the skill itself). However, the lack of an install mechanism exacerbates the coherence issues because the SKILL.md references components that would normally be installed or hosted.
Credentials
note: SKILL.md shows optional env var examples for TestRail and BrowserStack credentials, which are reasonable for the claimed integrations. The package manifest does not require any env vars (good). Because those credentials are optional and only needed for the corresponding integrations, the requests themselves are proportionate — but you should only provide them if you understand where and how the skill will use them (see purpose/install concerns).
Persistence & Privilege
ok: The skill does not request always-on presence (always:false) and does not declare any special system privileges or config paths. Autonomous invocation is allowed (platform default), which is expected for an agent skill. No requests to modify other skills or system-wide settings are present.