Skill v0.1.1
ClawScan security
Web Scraper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 23, 2026, 1:17 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's required tools, permissions, and runtime instructions are consistent with a web scraper: it only generates scripts/configs, optionally checks for an OPENROUTER_API_KEY for an LLM step, and asks the agent to inspect system state. Nothing indicates it is attempting unrelated or covert actions.
- Guidance
- This skill appears to be what it says: a multi-stage web scraper that writes scripts and output files. Before installing or running it:
  - Review the generated Python/YAML scripts before executing them; do not blindly run generated code.
  - Ensure you have legal permission to scrape the target sites: check robots.txt and terms of service, and watch for paywalls.
  - Be aware that npx/Playwright may download browser binaries when used; sandbox or limit network access if needed.
  - Keep your OPENROUTER_API_KEY (if used) secret and insert it only into trusted code, never into agent prompts.
  - Note that the skill probes host state (pip list, disk space); if you prefer to keep that private, restrict agent privileges or run in an isolated environment.
  - The bundle metadata shows a homepage in claw.json, but the registry source/homepage are listed as unknown; if provenance matters, obtain the source repository or contact the author for verification.
  - If you do not trust the source, review the skill manually in a sandbox before granting filesystem or network permissions.
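The robots.txt check recommended above can be done with the standard library alone. This is a minimal sketch, not the skill's own code; the function names (`robots_url_for`, `is_allowed`) are illustrative:

```python
# Sketch: confirm a site's robots.txt permits a URL before scraping it.
# Standard library only; no third-party dependencies.
from urllib.robotparser import RobotFileParser
from urllib.parse import urlsplit, urlunsplit

def robots_url_for(url: str) -> str:
    """Derive the robots.txt location from any URL on the same host."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, "/robots.txt", "", ""))

def is_allowed(url: str, user_agent: str = "*") -> bool:
    """Fetch the site's robots.txt and check whether `url` may be crawled."""
    parser = RobotFileParser()
    parser.set_url(robots_url_for(url))
    parser.read()  # network fetch; may raise if the host is unreachable
    return parser.can_fetch(user_agent, url)
```

Note that robots.txt is only one signal: terms of service and paywall restrictions still apply even when crawling is not disallowed.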
Review Dimensions
- Purpose & Capability
- ok · Name/description (web scraping, multi-stage extraction) match the declared binaries (python3, pip, npx) and the permission needs (filesystem, network). The optional LLM step via OpenRouter is clearly identified as optional and is used only in generated scripts.
- Instruction Scope
- note · SKILL.md is an instruction-only workflow that tells the agent to create Python/YAML/JSON files, probe the environment (pip list, npx playwright dry-run, disk space), and perform HTTP-, Playwright-, or Scrapy-based scraping. These actions are within the scope of a scraper, but the environment probing (pip list, Playwright checks) exposes host state, and the instructions are fairly broad about target selection: review targets and generated scripts before executing them.
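The host-state reads flagged above can all be done from Python without shelling out. A sketch of what such probing amounts to (the `probe_host` name and return shape are illustrative, not the skill's actual script):

```python
# Sketch: the kind of host-state probing SKILL.md asks the agent to perform.
# Each call reads local system state; nothing here touches the network.
import shutil
import importlib.metadata

def probe_host() -> dict:
    """Summarize the host facts a scraper setup step might collect."""
    free_bytes = shutil.disk_usage(".").free                 # disk-space check
    has_npx = shutil.which("npx") is not None                # can Playwright be launched via npx?
    installed = {d.metadata["Name"] for d in importlib.metadata.distributions()}  # `pip list` equivalent
    return {"free_bytes": free_bytes, "has_npx": has_npx, "n_packages": len(installed)}
```

Even presence/absence answers like these reveal machine details to the agent, which is why the review suggests restricting privileges if that matters to you.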
- Install Mechanism
- ok · There is no install spec and no downloaded binaries in the skill bundle. This is instruction-only (lower risk). The SKILL expects existing system tools (python3, pip, npx), which is appropriate for the described pipeline.
- Credentials
- note · The skill declares no required env vars; it only optionally uses OPENROUTER_API_KEY for Stage 5 in generated scripts. That is proportional to an optional LLM entity-extraction step. The agent is instructed to check for that env var; checking presence is reasonable, but it is a host-state read that you may want to control.
- Persistence & Privilege
- ok · always: false and normal autonomous invocation settings. The skill requests filesystem and network permissions, which are expected for a scraper that writes scripts and outputs and performs HTTP requests. It does not ask to modify other skills or system-wide agent configs.
