Skill v1.0.0

ClawScan security

Qfc Order · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 1:31 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are coherent with its stated purpose (automating QFC pickup orders using a user-attached Chrome session and a grocery-list file); there are no unexpected env vars or installs, but attaching a logged-in browser tab grants the agent high privilege so proceed with caution.
Guidance
This skill appears to do what it says: it automates adding items to QFC using a Chrome tab you must attach and a grocery-list file from another skill. Before installing or running it: 1) Understand that attaching your browser tab gives the agent access to the logged-in web session (so only attach a tab where you are intentionally logged into QFC and not other sensitive sites). 2) Review the grocery-list file (skills/grocery-list/grocery-list.json) to ensure it contains only shopping items and no secrets. 3) Be prepared to confirm actions — the skill prompts for user confirmation, and you should review the cart/total before finalizing any order. 4) Ensure the browser-relay extension or toolbar button you use is trustworthy, since it exposes the tab DOM/cookies to the agent. If you need stronger assurance, prefer manual ordering or a skill that uses an explicit API key workflow rather than controlling a logged-in browser session.

Review Dimensions

Purpose & Capability
ok: The skill's name/description match what its instructions do: use a browser relay to operate qfc.com and add items from a grocery-list file. It reads skills/grocery-list/grocery-list.json and persists minimal order state to skills/qfc-order/qfc-state.json; these are proportionate to the stated task.
Instruction Scope
note: Instructions are detailed and narrowly focused on interacting with the qfc.com shopping UI (search, add, adjust qty, open cart, schedule slot). It explicitly requires the user to attach a logged-in Chrome tab and to confirm before proceeding. It reads the grocery-list file from another skill (expected for this purpose). There is no instruction to read arbitrary system files or unrelated environment variables.
Install Mechanism
ok: There is no install spec and no code files beyond an empty state JSON, which is the lowest-risk install surface. Nothing is downloaded or written beyond the declared state file path.
Credentials
note: The skill declares no environment variables or external credentials. However, it requires the user to attach a logged-in Chrome profile/tab via the browser relay; that effectively grants the agent access to the user's active web session (cookies, DOM) for that tab. This is necessary for the task but is a high-privilege capability the user should be aware of.
Persistence & Privilege
ok: always is false and the skill persists only its own state to skills/qfc-order/qfc-state.json. It does not request system-wide configuration changes or permanent platform presence beyond normal skill behavior.