Skill v2.0.0
ClawScan security
Web Quality Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 3:49 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's static audit script and instructions are coherent for a code/HTML quality review, but SKILL.md claims browser automation and token-efficient extraction (PinchTab) without corresponding install steps, binaries, or code. That mismatch, together with the instruction to include full source in the audit output, raises privacy and exfiltration concerns.
- Guidance: This skill contains a small, harmless HTML static-check script and a detailed audit spec, but it also claims browser automation (PinchTab) and 'token-efficient' extraction without providing code or install/credential requirements for those features. Before installing or using it:
  1. Ask the publisher to explain or attach the PinchTab integration and provide an install spec, or to state that browser automation is optional.
  2. Be cautious when supplying a project: the skill's instructions ask for full source output, which will include secrets (API keys, tokens) if any are present in the files. Remove or redact secrets first.
  3. If the skill will run automation that needs tokens, require an explicit declaration of which env vars or credentials are needed and why.
  4. Test the skill in a sandbox with non-sensitive sample projects.
  5. Monitor outputs for unexpected exfiltration (unknown endpoints or tokens).
  If the author cannot justify the missing install/credential details for the advertised browser automation, treat that feature as untrusted or incomplete.
Review Dimensions
- Purpose & Capability
- note: The name/description (web quality audit with browser automation) mostly matches the included static analyzer (scripts/analyze.sh) and the Lighthouse-style guidance. However, SKILL.md repeatedly advertises browser automation with PinchTab and 'token-efficient content extraction' while the package has no install spec, no glue code, and no PinchTab integration. The claimed capability is not implemented in the provided files: either the skill is incomplete or it expects runtime access to external tooling that it does not declare.
- Instruction Scope
- note: SKILL.md instructs the agent to analyze projects and to include 'Full source of all included files' in the audit output. That is appropriate for a code audit, but it directs the agent to collect and emit entire file contents, which can include secrets or private data. The actual analyze.sh implements lightweight static HTML checks (doctype, charset, viewport, lang, img alt, title, http links) and outputs JSON with issues and warnings; it performs no browser automation and no network calls. The instruction to validate with PinchTab is not reflected in the script.
- Install Mechanism
- note: There is no install spec (instruction-only plus a small script), so nothing is written to disk beyond the provided files; installation risk is low. However, because SKILL.md references browser automation (PinchTab) and multi-instance orchestration without any guidance on installing or authorizing that tooling, the package is inconsistent and may lead implementers to run ad-hoc installs or fetch external tools at runtime.
- Credentials
- concern: The manifest declares no required environment variables or credentials, which matches the provided static script. But SKILL.md's language about 'token-efficient content extraction' and PinchTab (which typically requires tokens or drivers) suggests credential requirements that were omitted. Advertising token-based automation while declaring no env vars is a mismatch, and it could hide later requests for tokens or credentials if the skill is extended.
- Persistence & Privilege
- ok: The skill does not request always:true, declares no system config changes, and is user-invocable only. It does not request persistent privileges or modify other skills' configurations.
