Skill v1.0.0
ClawScan security
clean-web-fetch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 8:24 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description matches a web-content-extraction tool, but the runtime instructions rely on local scripts and absolute paths that are not included or declared — this mismatch is suspicious and requires inspection before use.
- Guidance: Do not install or run this skill as-is. The SKILL.md expects you to run a local Python script and points to absolute paths under /Users/zzd that are not included in the package — this may be a leftover from the developer's environment. Before using: (1) ask the publisher to provide the actual scripts and any referenced 'references' files (or include them in the skill bundle); (2) inspect those Python scripts manually to verify they only fetch and parse the target URL and do not read unrelated files or exfiltrate data; (3) prefer vetted install instructions (e.g., a packaged script or a container) and check the pip packages (scrapling/html2text) on PyPI to confirm they are legitimate; (4) run the tool in a sandbox environment the first time. If the author cannot provide the scripts or a clear explanation for the absolute paths, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): The name/description describe a web-page-to-markdown fetcher, which is coherent. However, the skill declares no code, no install, and no environment requirements, yet the SKILL.md instructs running a local Python script (scripts/scrapling_fetch.py) that is not included in the package. That mismatch (declared nothing vs. instructions requiring local files) is inconsistent.
- Instruction Scope (concern): The instructions tell the agent to execute a Python script at absolute/user-specific paths (/Users/zzd/.openclaw/...) and reference local 'references' files. Those paths are outside the declared scope and would cause the agent to access arbitrary local files if present. The SKILL.md also allows installing Python packages, but the primary runtime behavior depends on running an external script that is not bundled or verified here.
- Install Mechanism (note): No install spec is provided (instruction-only), which reduces installer risk. The SKILL.md suggests installing pip packages (scrapling and html2text) if missing — this is normal for a Python-based fetcher, but the pip package 'scrapling' is referenced without verification and could be any third-party package.
- Credentials (concern): The skill declares no required env vars or config paths, yet the instructions reference absolute local filesystem paths under a specific user's home. That is inconsistent: the instructions implicitly require access to those local files. No credentials are requested, but the implicit filesystem access is disproportionate to the package metadata.
- Persistence & Privilege (ok): The skill is not marked 'always: true' and does not request persistent privileges. It is user-invocable and can be run autonomously (default), which is normal. There is no evidence it modifies other skills or system-wide settings.
