Skill v1.0.0

ClawScan security

Competitive Ads Extractor Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 14, 2026, 1:03 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated goal (scrape and screenshot ads from multiple platforms) is plausible, but the instructions omit key operational details (no declared credentials, tools, or install steps) and instruct the agent to write files to the user's home directory, creating mismatches that could lead to unexpected behavior.
Guidance
This skill looks like a useful scraper/analysis tool but is underspecified. Before installing or running it, ask the author how scraping is implemented: which endpoints/APIs are used, whether it requires Facebook/LinkedIn credentials or session cookies, and what tooling (headless browser, Phantom/Playwright) it expects. Confirm where files will be saved and whether you can change that path. Because the instructions are open-ended, run it only in a controlled environment (sandbox or VM), avoid supplying unrelated credentials, and verify the activity complies with the target platforms' terms of service. If you need this functionality, prefer a version that declares required binaries and any API keys explicitly and documents permissions and data retention.

Review Dimensions

Purpose & Capability
Concern: The skill claims to scrape Facebook, LinkedIn, and other ad libraries and to capture screenshots and analyses, but it declares no binaries, tools, or credentials. Scraping LinkedIn reliably often requires login/session cookies or specialized tooling; taking screenshots implies a headless browser or rendering tool. Those needs are not reflected in the metadata, which is inconsistent with the stated purpose.
Instruction Scope
Concern: SKILL.md instructs the agent to 'Access Facebook Ad Library', 'Scrape ads', and 'Save to ~/competitor-ads/...'. It gives no bounded, platform-specific API endpoints, no authentication guidance, and no limits on what to collect. That open-ended guidance could cause the agent to attempt broad web scraping, access or store unrelated data, or request credentials implicitly.
Install Mechanism
Note: This is an instruction-only skill with no install spec or code files, which reduces direct supply-chain risk. However, the lack of any declared install or runtime requirements (e.g., headless browser, scraping library) is itself a problem because the agent may try to invoke tools that aren't present or it may attempt to download/run them unsafely.
Credentials
Concern: No environment variables, API keys, or config paths are declared, yet the task likely requires credentials or session data for some platforms (especially LinkedIn). The skill also references writing to a user home path (~), but doesn't declare that path in required config paths. This mismatch means the skill's declared privileges are insufficient for its behavior and could cause the agent to seek other credentials or write files unexpectedly.
Persistence & Privilege
Note: 'always' is false and the skill is user-invocable (normal). However, SKILL.md explicitly instructs saving screenshots and analysis to ~/competitor-ads/, which gives the skill filesystem persistence without declaring it. It's not an elevated platform privilege, but users should be aware the agent will create and store files in their home directory when invoked.