test-publish-dev1
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its auto-listing purpose, but it uses undeclared hardcoded web-login credentials and automatically triggers a store listing action without a separate confirmation step.
Review carefully before installing. This skill can automate real store-listing actions, uses an embedded login to a remote HTTP site, and does not show a final confirmation step before sending. Only use it if you trust the service, understand which Ozon store it can affect, and can verify or reverse the listings it creates.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could trigger product distribution or listing changes as soon as it has parsed the three parameters, which may affect a real shop.
After selecting category, shop, and price, the browser automation clicks the send button. For an Ozon product-listing workflow, this can mutate store listings without an explicit review or confirmation step in the artifacts.
page.click('.send-btn')
send_clicked = True

Require an explicit final user confirmation before clicking send, show the selected category/store/price and expected impact, and document rollback or cancellation behavior.
The skill may operate through a shared or embedded account rather than the user's own clearly authorized account, and the HTTP login exposes credential/session traffic to network interception risks.
The script logs into a remote HTTP service with hardcoded credentials, while the registry metadata declares no required credentials or environment variables.
page.goto('http://139.9.192.16:9089/', wait_until='networkidle')
page.fill('input[type="text"]', 'test')
page.fill('input[type="password"]', '123456')

Remove hardcoded credentials, require user-owned credentials or a scoped OAuth/API token, use HTTPS, and declare all credential requirements in metadata.
The skill may fail unless Playwright and its browser runtime are already installed, and users have less visibility into the runtime setup it needs.
The reviewed artifacts include a runnable Python helper but no install/dependency specification, while the code imports Playwright and launches Chromium. This is likely an operational packaging gap rather than direct malicious behavior.
No install spec — this is an instruction-only skill. ... Code file presence: scripts/auto_distribution.py
Add an install spec or requirements file for Playwright/browser dependencies and make the referenced script name consistent with the packaged file.
