Skillv1.0.0

ClawScan security

Alibaba Supplier Outreach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 23, 2026, 7:45 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions line up with its stated purpose (automating Alibaba outreach) but it automates actions in your logged-in browser (including screenshots and coordinate clicks), expects platform tools that are not declared in the metadata, and could capture or act on sensitive data — proceed with caution.
Guidance: This skill behaves like a remote assistant that will control your Chrome session to search suppliers, read and send messages, and take screenshots. Before installing or invoking it: 1) Confirm you are comfortable allowing automated actions from your logged-in Alibaba account (it will send messages and read replies). 2) Note the SKILL.md requires LaunchFast and specific chrome-automation tools but the skill metadata does not declare these — ask the author to list required platform tools. 3) Be cautious about screenshots (they may capture account info or other private content); prefer redaction or disable screenshots if possible. 4) The workflow uses coordinate-based clicks which are brittle — test with a throwaway Alibaba account or in a safe environment before using on your main account. 5) Always review and approve each generated message before the skill sends it (the skill asks for approval, but verify the platform enforces it). If you cannot verify the tooling or don't want an agent to control your logged-in browser, do not enable this skill.

Review Dimensions

Purpose & Capability: noteThe skill's name and description match what the SKILL.md instructs (finding suppliers, crafting messages, sending inquiries, checking replies). However, the runtime instructions require platform-specific tools (mcp__launchfast__supplier_research and mcp__claude-in-chrome__* chrome automation) and a logged-in Alibaba Chrome session, but these required tools are not declared in the skill's top-level metadata — a mismatch that should have been explicit.
Instruction Scope: concernThe instructions tell the agent to control the user's browser, navigate to supplier pages, read message pages, type and send messages, and take screenshots for verification. Taking screenshots of web pages opened in the user's browser can capture sensitive or unrelated information (account details, other messages). The use of coordinate-based clicks is brittle and can click the wrong UI element, causing unintended actions. While reading and sending messages is within the stated purpose, these operations are privacy- and action-sensitive and should be explicitly called out, limited, and audited.
Install Mechanism: okNo install spec or code files are present; the skill is instruction-only. This lowers supply-chain risk because nothing is downloaded or written to disk by the skill itself.
Credentials: noteThe skill requests no environment variables or credentials, and it does not ask for AWS/other unrelated secrets. Instead it relies on the user's logged-in Chrome session for Alibaba and on platform tools. That is reasonable for a browser-automation-based outreach skill, but the metadata should have declared these tool dependencies so users understand what platform capabilities it needs.
Persistence & Privilege: okThe skill does not request persistent 'always' inclusion or special agent-wide privileges. It can invoke autonomously (platform default), which is expected — but given the ability to operate the user's logged-in browser, users should be aware of the potential blast radius if the skill is allowed to run without supervision.