Skill v1.0.1
ClawScan security
Lazada Shopping Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 8:22 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested actions and instructions line up with its stated purpose (automated browser scraping of Lazada search pages), but it directs the user/agent to install third-party tooling and modify agent runtime files — steps that merit careful review before proceeding.
- Guidance: This skill is internally consistent: it needs browser automation to scrape Lazada and tells you how to get it. Before installing or running it, review the external tools it asks you to install (the 'agent-browser' npm package and the referenced ClawHub skill). Installing npm packages globally and copying files into ~/.openclaw can execute arbitrary code and may require elevated permissions; prefer using the platform's built-in MCP browser (mcp__builtin_browser__navigate) if available. Verify the source and repository of agent-browser and matrixy/agent-browser-clawdbot, run installations in a sandboxed environment if possible, and confirm that scraping Lazada complies with site terms of service. Finally, be aware that this skill will open and scrape live pages (including generating clickable links) — avoid providing or exposing any credentials or personal data to the skill.
Review Dimensions
- Purpose & Capability (ok): Name/description (Lazada shopping assistant) match the runtime instructions: the skill needs browser automation to navigate Lazada sites and scrape product data. No unrelated services, credentials, or binaries are requested.
- Instruction Scope (note): SKILL.md instructs the agent to automatically open a browser, scrape live product pages, and present ranked recommendations — all consistent with the advertised capability. However, it also instructs installing CLI/browser tooling and modifying the OpenClaw workspace (copying a skill to ~/.openclaw and toggling disabled), which goes beyond a simple read-only workflow and requires write/exec operations on the host.
- Install Mechanism (note): There is no formal install spec in the package, but the instructions tell the agent/user to run 'npm install -g agent-browser' and to install a ClawHub skill (matrixy/agent-browser-clawdbot) or copy files into ~/.openclaw. Using npm to pull third-party code and modifying the local skills directory is coherent with needing browser automation but carries moderate risk (arbitrary code from npm and manual file writes).
- Credentials (ok): No environment variables, credentials, or unrelated config paths are requested. Scraping public Lazada pages does not require secrets, so the lack of declared credentials is proportionate.
- Persistence & Privilege (note): The skill itself does not request 'always: true' and is user-invocable. However, the instructions advise altering the OpenClaw skills directory and restarting the gateway to enable an external agent-browser skill, which grants longer-lived runtime presence to additional tooling — a legitimate need for browser automation but one that increases the blast radius if the installed tools are untrusted.
