Skill v1.5.2

ClawScan security

Auto Study · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 5:21 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (automating browser-based study tasks) but it requires access to a local Chrome profile and will read and store screenshots and page state — so review privacy and profile isolation before use.
Guidance
This skill appears to do what it says: it automates Chrome (via CDP) to read pages, take screenshots, record answers, and optionally apply/submit them on the listed learning platforms. Before installing or running it:

- Only use it in line with laws, school policies, and site terms (the README warns against exams and forbidden automation).
- Create and point the skill at a dedicated Chrome profile used only for this automation (do not reuse your primary browser profile). That isolates cookies, saved logins, and other sensitive site data.
- Inspect and control where the agent writes files: workspace/auto-study/ will contain screenshots and markdown that may include personal or course data. Consider using an isolated account or restricting access to those files.
- Confirm the agent-browser CLI and Chrome will be launched with the intended flags and CDP port (default 9344). If you run this in WSL, follow the runtime-wsl guidance carefully.
- If you are uncomfortable granting access to any logged-in sessions, do not provide the profile or run the skill. If you want higher assurance, test in a disposable environment (VM or throwaway user account) first.

I assessed this as benign because the requested operations, file paths, and runtime guidance match the stated purpose; the main risk is privacy/credential exposure from reusing browser profiles and stored artifacts, not covert or unrelated behavior.

Review Dimensions

Purpose & Capability
ok
Name/description match the runtime instructions: the SKILL.md describes driving Chrome via CDP, locating questions on the listed learning platforms, saving screenshots and markdown records, and optionally applying/submitting answers — all operations you would expect for a browser-based auto-answering skill.
Instruction Scope
note
Instructions explicitly tell the agent to attach to a Chrome instance (CDP), reuse a persistent browser profile, take full-page screenshots, read images, write markdown records, and optionally apply/submit answers. That scope is consistent with the purpose but gives the skill access to session state (cookies, logged-in accounts) and to save potentially sensitive screenshots and data to the agent workspace; the SKILL.md also contains minor contradictory guidance about image reading vs OCR but this is an implementation detail, not an outright incoherence.
Install Mechanism
ok
Instruction-only skill with no install spec or downloads. Lowest-risk installation model: nothing is written to disk by an installer beyond the normal agent skill placement.
Credentials
note
The skill requests no environment variables or external credentials, which is proportional. However it expects and instructs use of a persistent Chrome profile (paths documented for Windows/macOS) and the agent-browser CLI, meaning it will access browser profile data and write artifacts under the agent workspace — this is necessary for the task but has privacy implications that the user should accept or mitigate (see guidance).
Persistence & Privilege
ok
always is false, no special platform privileges requested, and the skill does not declare modifications to other skills or system-wide settings. The agent may invoke it autonomously (default behavior) but that is normal and not in itself a problem.