Skillv1.0.0

ClawScan security

hubstudio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 16, 2026, 6:55 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (local HubStudio OpenAPI helper + Playwright automation); it asks for no unrelated credentials or installs, but it exposes legitimately high‑privilege HubStudio endpoints (shell execution, ADB creds) that you should only use if you trust the local HubStudio service and the environment.
Guidance: This skill appears to be what it says: a local HubStudio OpenAPI helper plus Playwright automation examples. Before installing, verify you actually run HubStudio locally and trust that local service. Be aware the skill exercises powerful endpoints (e.g., execute shell on cloud phones, retrieve ADB connection/password info) — if an untrusted agent or user invokes those, those endpoints could be abused. Review the included files (hubstudio.js, commands.generated.json, openapi.yaml, and the Playwright demo) yourself, especially the defaultBody entries that contain odd hex-like keys, and don't set a HUBSTUDIO_AUTH_TOKEN globally unless necessary. Only run npm install/playwright from trusted networks/registries and consider running the demo in an isolated account or VM if you're cautious. If you need more assurance, request the upstream source (homepage/repo) or ask the publisher for explanation of the unusual defaultBody keys and for explicit documentation of required auth fields.

Review Dimensions

Purpose & Capability: okName/description match what is present: generated OpenAPI commands, a CLI (hubstudio.js), full reference, and Playwright automation examples. Required binaries/env vars are minimal and proportional (optional HUBSTUDIO_BASE_URL/HUBSTUDIO_AUTH_TOKEN). Nothing requested is unrelated to HubStudio automation.
Instruction Scope: noteSKILL.md instructs the agent/user to call the local HubStudio API (default http://127.0.0.1:6873), start/stop environments, retrieve debuggingPort and connect via Playwright to automate web pages (e.g., baidu.com) and to write reports/summaries. These actions are within the stated purpose, but the skill (and included scripts) will actively navigate external websites and extract page content and will create local report files — which is expected but worth noting from a privacy perspective.
Install Mechanism: okNo automatic install spec is included (instruction-only install). package.json lists Playwright as an optional dependency you would install manually; using the public npm registry is normal. No opaque downloads or extraction from arbitrary URLs are present.
Credentials: noteThe skill does not require secrets by default. It documents optional HUBSTUDIO_BASE_URL and HUBSTUDIO_AUTH_TOKEN environment variables which are reasonable. One oddity: generated default request bodies include unusual keys like '01KAJX...'/similar hex-like keys in defaultBody values — these look like placeholder or instrumented keys and are not documented in SKILL.md; their presence is unusual but not necessarily malicious. The skill does call endpoints that can return ADB credentials or execute shell commands on cloud phones (e.g., /api/v1/cloud-mobile/exe-command and list-adb), which are powerful but coherent with HubStudio functionality.
Persistence & Privilege: okalways is false and the skill does not request persistent platform privileges. It writes local report and summary files (node_test_all_report.json, summary files) and may create or suggest symlinks when installing into the OpenClaw workspace — these are expected for a local automation skill and don't indicate overbroad privileges.