Skill v1.0.0

ClawScan security

santanna-pisa-monitor-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 31, 2026, 10:23 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (monitoring a public university site) matches its instructions, but the SKILL.md relies on browser automation and persistent state without declaring required binaries, storage, or how scheduling/state is handled — an incoherence worth clarifying before installation.
Guidance
This skill appears to do what it says (monitor public pages), but it relies on browser automation and persistent state without declaring how those are provided. Before installing, ask the author or maintainer: (1) which browser automation tool/runtime is expected (e.g., Playwright, Puppeteer, headless Chrome, remote browser API) and whether your agent environment has that binary/service available; (2) how and where the skill will store 'previous run' data (agent memory, a config file, external storage) and how long it is retained; (3) whether the skill respects robots.txt, rate limits, and site terms of service; and (4) if you plan to schedule recurring checks, confirm resource and bandwidth implications. If those answers are acceptable (and the platform provides a safe browser runtime and storage), the skill is reasonable. If you cannot confirm storage or browser/runtime details, proceed cautiously — ambiguity can lead to unexpected network activity or use of platform-wide storage.

Review Dimensions

Purpose & Capability
note: Name/description match the instructions: it scrapes public Sant'Anna Pisa pages for jobs, courses, and deadlines. However, the SKILL.md explicitly says it uses 'browser automation' and expects scheduled/delta checks, but the skill declares no required binaries, runtime tools, or storage mechanisms — a minor mismatch between claimed method and declared requirements.
Instruction Scope
concern: Instructions tell the agent to navigate specific site pages, scroll, and extract structured fields (publication date, ID, deadlines, PDFs, etc.). They also describe scheduled monitoring and 'report only what's changed since last check' (implying persistent storage). The instructions do not reference any external endpoints or secret access. The concern is that the implicit requirements (a browser automation runtime and a place to store previous-run state) are not specified, granting the agent freedom to choose any mechanism — this ambiguity increases risk and operational surprise.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, which is the lowest-risk install pattern. Nothing will be written to disk by a packaged installer.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. That is proportionate to its stated purpose (scraping a public website).
Persistence & Privilege
concern: The README and SKILL.md discuss scheduled recurring checks and reporting only changes since the last run, implying persistent storage of previous results. The skill does not request explicit config/storage paths or explain how state is persisted, and it is set to always:false (not force-installed). This mismatch may lead the agent to use platform-global storage or other unexpected locations — clarify where state lives and its retention behavior.