Skill v0.2.0

ClawScan security

Clawhub Publish 146156 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Mar 13, 2026, 3:03 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and metadata have multiple inconsistencies (unknown provenance, mismatched metadata, and an instruction to globally install an npm package) that make it unclear whether it does only what it claims; proceed with caution and verify the package before installing.
Guidance
This skill is suspicious mainly because of provenance and install questions rather than explicit malicious instructions. Before installing or running it:
1) Do not run 'npm install -g agent-browser' globally without checking the package: inspect the npmjs.org package page, author, download count, and published files.
2) Search for the package source repository and review the code (especially install scripts and any postinstall behavior).
3) Verify the owner/slug mismatch between the registry metadata and _meta.json; contact the publisher if possible.
4) Prefer installing in a sandbox or container (not as root), or run 'npm pack' and inspect the tarball before installing.
5) If you cannot verify the package source and contents, avoid installing it system-wide and consider safer alternatives (well-known browser automation tools with clear provenance).

Review Dimensions

Purpose & Capability
concern: The description advertises a 'fast Rust-based headless browser CLI with Node.js fallback', but the SKILL.md only instructs installing a global npm package (agent-browser) and requires Node.js ≥18. No Rust build or binary provenance is provided. The registry name (Clawhub Publish 146156) and owner ID in the registry metadata differ from the _meta.json owner/slug (agent-browser), which is an unexplained mismatch in provenance. These discrepancies make it unclear whether the requested installation matches the claimed implementation.
Instruction Scope
note: The SKILL.md stays within the stated functional scope (open, snapshot, click, fill, wait, close) and does not instruct the agent to read arbitrary files or environment variables. However, it explicitly instructs installing a remote npm package globally (npm install -g agent-browser), which grants that package the ability to run install scripts and create system-wide binaries, an action outside the immediate 'use' scope and worth verifying.
Install Mechanism
concern: There is no install spec in the registry entry; instead the SKILL.md tells users to run 'npm install -g agent-browser'. Installing an npm package globally can execute arbitrary install scripts and introduce native binaries; combined with no homepage, no source link, and conflicting metadata, the provenance of the code to be installed is unclear. npm installs are a moderate-risk mechanism and should be verified before running globally.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. There is no direct request for secrets or unrelated credentials in the SKILL.md, which is proportionate to the described web-automation purpose.
Persistence & Privilege
note: The skill is not always-enabled and does not request elevated platform privileges. However, the installation instruction (global npm install) results in a system-wide binary that persists outside the agent's sandbox, so users should be aware they are installing persistent software onto their system.