Skillv0.1.0

ClawScan security

瀑布流特定画风采图员 (The Vibe Harvester) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 25, 2026, 11:03 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated goal (automatically scroll, visually filter, and download images) is plausible, but its runtime instructions expect GUI automation, a vision model, and explicit anti-bot/captcha handling while the package declares no dependencies, binaries, or credentials — these mismatches and the captcha-bypass behavior are concerning.
Guidance: This skill instructs an agent to perform automated GUI/browser interactions and to evade anti-bot measures (slide captcha handling, disabled right-click workarounds). Before installing, confirm: (1) how will the skill drive the browser and where does the visual model run (local model, platform capability, or external API)? (2) whether any additional binaries, browser extensions, or API keys are required — ask the author for a dependency list and an install plan; (3) that you are permitted to download the target sites' images (terms-of-service and copyright); and (4) that you are comfortable granting an autonomous agent the ability to interact with websites on your behalf. Avoid installing if you cannot verify how it performs captcha bypasses or if doing so would violate site terms or laws. If you proceed, test in a controlled environment and limit its scope (use a throwaway account and a small download folder).

Review Dimensions

Purpose & Capability: concernThe declared purpose (scanning waterfall sites and saving matching images) matches the single declared write permission (~/Downloads/Vibe_Harvester). However the SKILL.md explicitly expects GUI/browser automation (mouse movement, clicks, opening large previews, right-click save) and a 'visual large model' for aesthetic filtering. The skill declares no required binaries, automation tools, or model credentials — an incoherence between what it says it will do and what it requests/install/depends on.
Instruction Scope: concernInstructions go beyond simple browsing: they direct simulated mouse/scroll behavior, opening/closing pages, interacting with UI elements, and explicitly instruct how to handle '滑动验证码' (slide captchas), login popups, and disabled right-clicks. That is scope-creep: it includes steps that attempt to evade anti-bot measures and interact with authentication UI, which are not justified by the declared metadata and raise legal/ethical concerns.
Install Mechanism: concernNo install spec is provided, yet the runtime behavior described would normally require browser automation tooling (Selenium/Playwright), a browser extension, or a platform-provided UI-driving capability, plus a vision model runtime or API. The absence of any declared install or dependency means it's unclear how the skill will actually perform those actions — this mismatch is a deployment risk and a red flag.
Credentials: concernAt face value the single write permission to a downloads folder is proportionate. But the SKILL.md relies on a '视觉大模型' without declaring any API keys, endpoints, or local model requirements, and instructs interacting with login prompts and captchas (which could lead to credential exposure or unintended clicks). The lack of declared credentials or config for the vision model is inconsistent and suspicious.
Persistence & Privilege: notealways:false (no forced persistence) which is appropriate. Autonomous invocation is allowed by default; combined with the instructions to autonomously interact with arbitrary websites and bypass anti-bot measures, this increases potential impact. No indication the skill modifies other skills or system settings.