Skillv1.0.0

ClawScan security

Web To Pdf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 15, 2026, 11:23 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and runtime instructions match its stated purpose (converting webpages to PDF) and request no unnecessary credentials or installs; minor documentation/implementation inconsistencies exist but nothing appears malicious.
Guidance: This skill is coherent with its purpose and contains no hidden downloads or credential requests. Before installing, note: (1) the SKILL.md references a missing batch script — functionality for batching may be incomplete; (2) the provided helper script only prints messages and does not perform exports (the actual PDF export is expected to be done by the platform 'browser' tool); (3) the instructions rely on running 'exec rm <path>' to delete files — ensure the agent only deletes the exact file path returned by the browser tool and that path handling is safe to avoid accidental deletion of other files; and (4) consider whether you trust the platform's browser and messaging tools to handle any sensitive pages you convert. If you need stronger guarantees, review how the platform sandboxes the browser tool and where PDF files are stored before proceeding.

Purpose & Capability: okThe name/description (webpage → PDF) aligns with the instructions (use the platform 'browser' tool to navigate and export PDF, then send the file). No unrelated binaries, environment variables, or external services are requested.
Instruction Scope: noteInstructions are narrowly scoped to: navigate with the browser tool, export PDF, send file via message, and remove the local file. This is appropriate for the stated purpose. Minor concerns: the SKILL.md mentions a 'scripts/batch-export.sh' that is not present in the bundle, and the guidance uses exec rm <path> — deleting files is expected for cleanup but care must be taken to ensure only the returned PDF path is removed (avoid unsanitized/ambiguous paths).
Install Mechanism: okNo install spec and no third-party downloads; the skill is instruction-first with a tiny helper script that only prints usage/messages. This is low risk.
Credentials: okThe skill requests no environment variables, credentials, or config paths. All required capabilities are the platform-provided tools (browser, message, exec) which are reasonable for the task.
Persistence & Privilege: okalways:false and default autonomous invocation are set. The skill does not request persistent privileges or modify other skills. Autonomous invocation is allowed by platform default and not, by itself, a red flag here.