Skill v1.0.5
ClawScan security
Clean Content Fetch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 9, 2026, 5:34 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions require running Python scripts (and installing browser automation dependencies) but those script files are not included in the package — the described runtime does not match the delivered files.
- Guidance: This skill's README-like instructions expect a scripts/ directory and a script named scripts/scrapling_fetch.py, but those scripts are not included in the package. Before installing or running anything:
  1) Ask the publisher for the missing script files or an authoritative source (git repo or release) and verify their contents.
  2) Never pip-install packages system-wide for unknown code — use an isolated virtual environment or container.
  3) Inspect any fetched scripts for network calls, hidden endpoints, or code that exfiltrates data before running; pay special attention to code that uses browser automation (Playwright) because it will load remote pages and may execute page JS.
  4) If you must run this, do so in a sandbox (container/VM) and avoid supplying credentials.
  5) If the runtime environment already provides the referenced scripts, review them the same way — the absence of included code is the primary incoherence and increases the risk of pulling code from unverified locations.
Review Dimensions
- Purpose & Capability (concern): The name/description claim a content-extraction tool that runs a Python pipeline (scrapling + html2text + optional Playwright). That purpose would legitimately need the referenced scripts and possibly those dependencies. However, the package contains only reference docs and no scripts (e.g., scripts/scrapling_fetch.py is referenced in SKILL.md but not present). This mismatch means the skill as delivered cannot perform its stated function without fetching or relying on external code.
- Instruction Scope (concern): SKILL.md gives concrete runtime instructions (run python3 scripts/scrapling_fetch.py <url> <max_chars>, install packages, optionally use playwright) which are narrowly scoped to fetching and cleaning public webpages. Those instructions do not ask for unrelated system files or credentials. The problem is that they direct execution of a script that is not included; if an agent attempted to follow them it would need to obtain or install code from elsewhere, which is not documented here and increases risk.
- Install Mechanism (ok): There is no install spec and no binaries packaged. That keeps the skill low-risk from an automatic-install perspective. The SKILL.md recommends pip installs and playwright browser installation — standard for this functionality — but these are manual recommendations, not an automated install step included in the package.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config-path access. The declared dependencies (scrapling, html2text, curl_cffi, playwright, browserforge) align with web fetching and rendering. Nothing in the description asks for unrelated secrets or system access.
- Persistence & Privilege (ok): The skill is user-invocable, not always-on, and does not request to modify other skills or persist configuration. Autonomous invocation is allowed by default but is not combined with any other high-risk factor here.
