Skill v1.1.0
ClawScan security
Web Scraper Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 6, 2026, 2:30 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's scraping behavior is coherent, but it embeds a hard-coded billing API key, forces an external payment verification call before every fetch, and sends fetched pages to multiple third-party conversion services — these behaviors are disproportionate or surprising and raise privacy/monetization concerns.
- Guidance: This skill will send any requested URL (and the resulting page content) to several external conversion services and will call a SkillPay billing API before performing the fetch. Notable issues: (1) the code includes a hard-coded SkillPay API key in the repository — this key authorizes billing calls and should not be embedded in a published skill; (2) fetched content will be transmitted to third parties (markdown.new, defuddle.md, r.jina.ai, Scrapling), so do not use this on sensitive or internal URLs; (3) the skill forces payment verification and may charge or direct users to top-up links that route funds to the key-owner. Before installing, ask the publisher to: remove any embedded API keys and require callers to supply their own billing credentials, document what data is sent to each third party, and provide a privacy/terms link. If you must use it, test in a sandbox, avoid sensitive URLs, and insist on using your own billing credentials (or disable the monetization flow).
Review Dimensions
- Purpose & Capability (note): The name/description (web scraper → convert URL to Markdown) matches the instructions and code for fetching and converting web pages. However, the SKILL.md and payment.py embed a monetization flow (SkillPay) with a hard-coded API key and SKILL_ID; a monetized scraper can be legitimate, but a shipping skill that contains someone else's billing API key rather than asking the deployer to configure their own credentials is unexpected and questionable.
- Instruction Scope (concern): Runtime instructions require executing a payment verification step (network call to skillpay.me) before any fetch. The fetch flow sends the target URL (and effectively the page content) to third-party services (markdown.new, defuddle.md, r.jina.ai, and an included Scrapling library). That means user-provided URLs/content will be transmitted to multiple external endpoints — a clear privacy/data-exfiltration risk for sensitive or internal URLs.
- Install Mechanism (ok): No installation spec; the skill is instruction-only with an included payment.py file. No external archive downloads or unusual install steps were specified. Risk from the install mechanism is low.
- Credentials (concern): The bundle does not declare required env vars, but both SKILL.md and payment.py include a hard-coded BILLING_API_KEY value (sk_...) and a SKILL_ID. Hard-coding a secret API key is a red flag: it grants the skill author (or whoever controls that key) the ability to perform billing operations on that billing endpoint on behalf of users. The only environment variable referenced is SKILLPAY_USER_ID (used as a user identifier), which is reasonable, but the embedded key makes the credential model asymmetric and surprising.
- Persistence & Privilege (ok): The always field is false, and nothing in the files requests persistent platform-wide privileges or modifies other skills. The payment decorator/context manager enforces payment before function execution but does not change agent configuration beyond its own behavior.
