Back to skill
Skillv1.0.0
ClawScan security
Taizi Browsh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 4:03 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper for the Browsh text-browser and only documents running the existing browsh + firefox binaries; its requirements and instructions align with its stated purpose.
- Guidance
- This skill is essentially documentation for running the existing browsh + firefox tools — it does not install software or ask for secrets. Before installing/using it: (1) make sure you have browsh and Firefox installed from trusted sources, since those binaries will execute and access the web; (2) be aware that Browsh runs a headless browser and will fetch remote content (so treat untrusted URLs as you would in a normal browser); (3) the SKILL.md suggests altering PATH — verify that the change is limited to your user environment and not a system-wide modification you don't intend; and (4) note the metadata inconsistency (different owner in _meta.json) — if provenance matters to you, request clarification from the publisher or prefer an official upstream package.
Review Dimensions
- Purpose & Capability
- noteThe name/description (text-based browser using headless Firefox) matches the declared requirements (browsh and firefox) and the runtime instructions. Minor metadata mismatch: _meta.json lists owner "gumadeiras" and a GitHub commit URL while registry metadata shows a different owner ID; this looks like packaging/metadata inconsistency but does not change the technical requirements.
- Instruction Scope
- okSKILL.md only instructs the agent/user to ensure browsh and firefox are on PATH, how to set PATH if installed locally, and how to start browsh (including a PTY note). It does not reference unrelated files, credentials, or external endpoints beyond normal web browsing.
- Install Mechanism
- okThere is no install spec (instruction-only), so nothing is downloaded or written by the skill itself. This is the lowest-risk install model.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The runtime instructions only suggest modifying PATH to include local install directories, which is reasonable for this purpose.
- Persistence & Privilege
- okThe skill is not force-included (always:false) and uses default model invocation behavior. It does not request persistent privileges or try to modify other skills or system-wide agent settings.