Skill v1.0.0
ClawScan security
Browser Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 2:25 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a PinchTab-based browser-automation purpose, but it asks users (and agents) to run third-party installers and command-line tools (curl|bash, npm, docker, jq, pinchtab CLI) without declaring them or providing checksums, which is a modest but important coherence and supply-chain risk.
- Guidance: This skill appears to do what it says (PinchTab-based browser automation), but exercise caution before following its install instructions. Verify the authenticity of pinchtab.com and prefer installing from your OS package manager or a verified release with checksums/signatures. Never run curl | bash on a URL you haven't audited—download the installer, inspect it, and verify signatures/checksums. If you plan to automate pages that require credentials, use isolated environments (VM/container) and avoid storing secrets in plaintext in scripts. If you need stronger assurance, request the upstream project's release checksums or use the Docker image instead of piping remote scripts directly. Finally, be aware that the skill omits declaring runtime dependencies (curl, jq, docker, npm, pinchtab CLI); ensure those tools are from trusted sources before use.
Review Dimensions
- Purpose & Capability (note): The name and description match the SKILL.md content: the guide is about controlling Chrome via PinchTab. However, the SKILL.md repeatedly uses command-line tools (curl, jq, npm, docker, pinchtab CLI), yet the skill metadata declares no required binaries or install steps. Not declaring these runtime dependencies is an inconsistency (informational, not necessarily malicious).
- Instruction Scope (note): The instructions stay within the stated purpose (navigating pages, extracting text, clicking, filling forms, snapshots). A notable scope concern: the guide recommends executing remote installer scripts (curl -fsSL https://pinchtab.com/install.sh | bash) and calling the evaluate endpoint with arbitrary JavaScript; those actions could execute arbitrary code from the PinchTab provider and should be reviewed before running. The examples include filling inputs (e.g., credentials), which is expected for form automation but could expose secrets to the pages automated—this is a normal risk for browser automation but worth calling out.
- Install Mechanism (concern): There is no install spec in the registry, but SKILL.md instructs running a remote install script (curl | bash), npm -g installs, and docker pull/run for pinchtab/pinchtab. Executing an unverified remote installer or running a downloaded binary is higher-risk than installing from a vetted package with checksums. The SKILL.md provides no checksums, signatures, or pinned versions.
- Credentials (ok): The skill declares no required environment variables or credentials, and the instructions do not attempt to read hidden environment variables or unrelated system config. The absence of requested credentials is proportionate to the described purpose. (Be aware that automated browsing can cause user-entered credentials to be submitted to remote pages—this is an application-level risk, not an incoherence in the skill manifest.)
- Persistence & Privilege (ok): The skill is instruction-only, has always=false, and requests no persistent system privileges or configuration changes in other skills. It does not attempt to modify other skills' configurations or request permanent presence.
