Skillv1.0.1

ClawScan security

WeekendWiz · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 7:37 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files mostly match its stated purpose (generate HTML and screenshots of a weekend schedule), but there are notable gaps and a prompt-injection signal: it calls Playwright/Chromium without declaring dependencies and the SKILL.md contains unicode control characters that can hide instructions—so review before installing.
Guidance: What to check before installing: 1) Inspect the raw SKILL.md and the included files for invisible/unicode-control characters (they can hide instructions). 2) Confirm you are comfortable manually installing Playwright (Python package) and Chromium — the scripts call Playwright but the skill provides no install steps; installing Playwright typically downloads browser binaries (network access). 3) Run the scripts in an isolated/sandboxed environment first to verify behavior and ensure no unexpected network traffic (the HTML loads Google Fonts, and Playwright may request network resources). 4) Verify openclaw cron usage and channels (cron 'deliver' targets like qqbot / USER_ID) match your expectations and won't post to external accounts you don't control. 5) Ask the publisher for source/origin and an explicit dependency/install list (Python requirements, Playwright version, whether headless Chromium is required). If you cannot obtain or verify these, treat the skill as untrusted and avoid installing it in production or on hosts with sensitive data.
Findings: [unicode-control-chars] unexpected: SKILL.md was flagged for unicode control characters. For a scheduling skill there's no legitimate reason to include hidden control characters; they can be used to hide or obfuscate text/instructions. Inspect the raw file for invisible characters before trusting the SKILL.md.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (weekend schedule management, HTML rendering, screenshots, cron reminders) matches the included files: a template, an HTML updater, and a screenshot generator. However the SKILL.md explicitly says to use Playwright + Chromium while the package declares no required binaries, no env vars, and no install steps for Playwright or a browser—this omission is disproportionate and should be corrected/clarified.
Instruction Scope: concernRuntime instructions are focused on local files (memory/schedule.md, memory/schedule.html) and using openclaw cron for reminders, which is in-scope. But the SKILL.md contains a detected 'unicode-control-chars' injection signal (suggesting hidden/obfuscated characters) — this is unexpected and could be used to conceal instructions or alter parsing. Also the instructions require Playwright/Chromium for screenshots but do not instruct how to install or restrict it; installing Playwright will typically download browser binaries which has network implications.
Install Mechanism: noteThere is no install spec (instruction-only), which limits what gets written to disk at install time. However included scripts require Python dependencies (playwright) and a Chromium browser; these are not declared. The absence of an install step for Playwright/Chromium means an operator would need to install them manually — this is an operational gap and a potential hidden network/install action later.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. The operations described (local markdown/html manipulation and scheduling via openclaw cron) do not require additional secrets, so the lack of credential requests is proportionate.
Persistence & Privilege: okThe skill is not always-enabled and does not request system-wide configuration changes. It uses the agent's cron feature for reminders (documented). No evidence it modifies other skills or agent configs beyond its own files.