Skill v1.0.0
ClawScan security
test-auto-study · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 5:06 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (automating browser-based study tasks) matches its instructions and requirements — it only needs local Chrome/CDP access and writes task artifacts to a local workspace, but it will create and reuse a persistent browser profile and execute JS in pages via CDP, so install with care.
- Guidance
- This skill appears internally consistent with its stated purpose, but review these points before installing:
  - It will drive your local Chrome via a CDP port and can execute JavaScript in pages. That capability is required for the task but also allows the skill to interact with any open page the agent attaches to. Only use it on a trusted machine/session.
  - It creates and reuses a persistent browser profile (stored under %LOCALAPPDATA% or ~/Library/Application Support). That will persist login cookies and other session data. If you want to avoid leaving credentials, run it in a disposable profile, separate user account, or sandbox/VM.
  - The skill writes screenshots and markdown answer records into your agent workspace (e.g., ~/.codex/ or ~/.openclaw/...). Expect local files to be created; inspect them if concerned.
  - There are no required external credentials, and there is no remote install payload, which reduces supply-chain risk. However, the skill requires agent-browser and an external agent-browser skill; install those from trusted sources.
  - Consider disabling autonomous invocation (or only enabling the skill when explicitly needed) if you are worried about the agent performing browser actions without your confirmation.

  If you want stronger assurance: review the referenced GitHub repository and runtime instructions in the skill files, run the skill in a disposable environment first, and verify the profile and workspace paths it creates.
Review Dimensions
- Purpose & Capability
- ok: The name/description (auto-study for Yuketang, Xuexitong, Zhihuishu, Pintia) aligns with the runtime instructions: attach to Chrome via CDP, read pages/screenshots, choose/fill answers, and optionally submit. Declared prerequisites (Chrome, agent-browser, agent-browser skill) match the functionality.
- Instruction Scope
- note: Instructions explicitly tell the agent to snapshot pages, save screenshots and markdown under a workspace path, attach to or launch Chrome on a CDP port, and execute page actions via CDP/Runtime.evaluate. These actions are within the stated purpose but do include reading page content and executing arbitrary JavaScript in the target tab and writing persistent artifacts to disk — worth noting because they touch the browser and local filesystem.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec or remote downloads. No install-time code is pulled from arbitrary URLs, which reduces install-time risk.
- Credentials
- ok: The skill requests no environment variables or external credentials. It does require local Chrome and agent-browser tooling and asks to create/use a persistent profile directory under user application data — these are proportional to a browser automation skill.
- Persistence & Privilege
- note: always:false (not force-installed). The skill instructs the agent to create and reuse a persistent Chrome profile (profile roots under %LOCALAPPDATA% or ~/Library/Application Support) and to store screenshots/markdown under the agent workspace. That persistence is coherent with purpose but means cookies/session state will be stored locally — consider isolation if you don’t want credentials/session persistence.
