skill everyday
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it says—fetch public Clawhub skill data and write local reports—while using disclosed browser automation, npm dependencies, and local state files.
This looks coherent and purpose-aligned. Before installing, be comfortable running a Node/Playwright script that visits Clawhub, installs Playwright/Chromium if needed, and stores local report/state files. Review generated Markdown before sharing it, especially if it includes local directory paths or file names.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill will contact Clawhub/Convex and create or overwrite local report/state files under the skill's data directory.
The runner drives a browser to fetch public Clawhub data and writes a local report. This is central to the stated purpose, but users should notice the external requests and local file creation.
await page.route('https://wry-manatee-359.convex.cloud/api/query', async (route) => { ... }); await page.goto('https://clawhub.ai/skills', gotoOpts); ... fs.writeFileSync(reportPath, report);Run it only from the intended skill directory, review generated reports before sharing them, and sanitize slugs if adapting the script to less trusted data sources.
Installing the skill as documented may download npm packages and a Chromium browser build.
The skill depends on Playwright from npm with a version range. This is expected for browser scraping but introduces normal package/browser supply-chain considerations.
"dependencies": { "playwright": "^1.49.0" }Install from trusted registries, consider pinning or locking dependency versions, and review npm/Playwright installation prompts in managed environments.
Local reports may persist public Clawhub content plus local path/file-name metadata, which could matter if the report is later shared or reused as agent context.
The skill stores reports and an analyzed list locally; reports may also include a local skill directory path and file names when a matching directory exists.
localFilesNote = `\n### 本地技能目录\n\n\`${targetSkillDir}\`...`; ... fs.writeFileSync(latestPath, report); ... fs.writeFileSync(ANALYZED_FILE, JSON.stringify(analyzedData, null, 2));Inspect reports before sharing, and delete the data directory if you do not want the skill to retain prior analysis state.