Skill v1.0.3
ClawScan security
Chatgpt Image Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 8:50 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (automating ChatGPT via Playwright to save images) but contains small inconsistencies and misleading instructions (notably about session persistence and the target domain) that you should understand before using it.
- Guidance: This skill is mostly coherent, but exercise caution before running it. Things to consider:
  - Playwright will download and run a browser on your machine; ensure you trust the environment where you run it.
  - The script opens a browser and requires you to log into your ChatGPT account manually. Contrary to SKILL.md, that login will not persist: the script launches a fresh browser context each run and never passes a user data directory. If you want persistent sessions, add that intentionally (launchPersistentContext with a userDataDir) and inspect the code; the profile directory will then hold your session cookies, so protect it like a credential.
  - The script navigates to https://chatgpt.com/. That is the domain OpenAI currently serves ChatGPT from (chat.openai.com redirects there), so this is most likely benign, but confirm that the URL in the script matches the service you expect before logging in.
  - The script fetches images by URL found in the page; those resources are fetched over the network and written to disk. Only run it with prompts and output directories you control.
  - Review and test the code locally before giving it access to any sensitive account. If you want persistent login, modify the script explicitly (and inspect any added code) rather than relying on the current misleading SKILL.md statement.
  - Be aware that automating a web UI may violate the service's terms of use; check the OpenAI/ChatGPT terms if applicable.
Review Dimensions
- Purpose & Capability (note): The code and SKILL.md align: both automate a browser with Playwright, send prompts, and save images. However, SKILL.md claims the login session is saved for future runs, while the script launches Chromium without a persistent user data directory, so logins will not persist by default. The script navigates to https://chatgpt.com/ rather than chat.openai.com; chatgpt.com is OpenAI's current ChatGPT domain and chat.openai.com redirects there, so this is most likely benign, but verify the URL yourself.
- Instruction Scope (ok): Instructions and code stay within the stated purpose: they read a prompts file, open a browser, interact with the ChatGPT web UI, extract or fetch generated images, write numbered PNGs and a results.jsonl log, and prompt the user to press Enter after a manual login. The code does not reference unrelated files or extra environment variables.
- Install Mechanism (ok): No install spec in the registry; SKILL.md asks you to run 'npm install playwright' and 'npx playwright install chromium', which is normal for a Playwright-based script. That will download browser binaries to the machine, which is expected but noteworthy.
- Credentials (ok): The skill requests no environment variables or credentials. It performs browser automation and network requests only, which are proportionate to the stated functionality.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated privileges. However, SKILL.md's claim that the session is saved across runs contradicts the code (no userDataDir/persistent profile is used). If you expect persistent login, the script must be changed to launch a persistent context or provide a user data directory. Note that a persistent profile stores the session cookies and local storage on disk, so that directory should be treated as a credential: restrict its permissions and keep it out of version control.
