Skill v1.0.1
ClawScan security
Agent Autonomy Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 15, 2026, 6:53 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package's documentation and marketing promise broad autonomous web/LLM/browser capabilities, but the shipped code only implements a local planner, file-backed TF-IDF memory and heartbeat/log files — the advertised external tool integrations are not implemented, which is an incoherence you should review before installing.
- Guidance: Key points to consider before installing:
  - The README/SKILL.md promises web fetching, browser automation and LLM-driven publishing, but the shipped code does not implement network or browser adapters — treat this as either incomplete or misleading.
  - The module performs persistent local file writes (memory/, tasks/, autonomy.log); inspect these paths and consider running in a sandbox or container first.
  - There are in-docs payment/contact instructions (Alipay/WeChat). Those are unrelated to runtime and could be social engineering; do not send money without verifying the publisher.
  - If you need the advertised external integrations (LLM APIs, browser automation), ask the author how credentials are supplied and where adapters live; otherwise the skill will only perform local planning and file operations.
  - If you proceed, run under limited privileges, review the exact files it writes, and avoid supplying any sensitive API keys or credentials until the integration points are explicit and audited.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md advertises web_fetch, browser automation, LLM integration and publishing workflows, but the code (index.js) implements a local TaskPlanner, ExecutionMonitor and a simple VectorMemory (TF-IDF) with no network/web/browser/LLM adapters or any calls to external services. This mismatch (marketing vs. actual required capabilities) is disproportionate and could indicate an incomplete or misleading package.
- Instruction Scope (concern): Runtime instructions tell agents to load the module and call execute(goal) for fully autonomous, multi-step tasks (including publishing to external sites). The actual runtime behavior is limited to local file IO and planning. The SKILL.md also contains out-of-band payment/contact instructions (Alipay/WeChat) which are social/operational rather than runtime, and the combination of vague autonomy promises ('无需人工确认', i.e. "no manual confirmation required") with absent tool adapters grants broad implied authority that is not realized in code.
- Install Mechanism (ok): No install spec or external downloads are declared; the skill is instruction + local code only. There are no brew/npm/remote archive installs to review, so install mechanism risk is low.
- Credentials (note): The registry metadata declares no required environment variables or credentials. However, the SKILL.md claims integrations (LLM, browser automation, posting to websites) that would normally require API keys/login credentials — these are neither requested nor documented in code. This omission is inconsistent and means the package either expects manual wiring or is incomplete.
- Persistence & Privilege (note): The code persistently writes and reads files: a vector index (memory/vector-index.json), heartbeat (tasks/execution-heartbeat.txt) and a local log (autonomy.log). Paths are resolved as path.join(__dirname, '..', '..', ...), which will place files two directories above the module folder (commonly the repository root). While not privileged, this persistent file I/O is noteworthy and can create data on the host filesystem outside the module folder.
