Back to skill
Skillv1.0.1
ClawScan security
Design Platform Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 7, 2026, 6:25 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested resources and instructions match its stated purpose (login‑free public search scraping of Dribbble, Pinterest, and Behance); it does not ask for credentials or install code and is internally consistent.
- Guidance
- This skill appears coherent and limited to public, login-free scraping of design search pages. Before installing, ensure your environment can legally and technically perform automated scraping: confirm Terms of Service for each platform, have a responsible browser-automation stack available, and plan for rate limiting and anti-bot handling. If you operate in restricted regions or behind corporate egress controls, verify proxy/VPN configuration separately (the skill only suggests them; it does not supply credentials). If you are concerned about autonomous behavior, consider disabling autonomous invocation or restricting the agent's network egress so scraping traffic is monitored and rate-limited.
Review Dimensions
- Purpose & Capability
- okName, description, and the SKILL.md all describe public, search-page-first scraping of three design platforms. The skill requires no credentials, binaries, or install steps — these are proportionate to a lightweight, instruction-only scraper.
- Instruction Scope
- noteInstructions stay on public pages and emphasize avoiding logins and not fabricating fields. They recommend browser automation, optional detail-page backfill for publish_time, and use of proxies/VPNs when needed. This is within scope, but the guidance to use proxies, VPNs, and automated browser traffic can increase operational risk (rate limiting, anti-bot measures, legal/ToS issues) and should be implemented with care.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk by the skill itself. That minimizes supply-chain risk; the runtime will rely on whatever browser automation stack the agent/environment already provides.
- Credentials
- okThe skill does not request environment variables, credentials, or config paths. It mentions optional proxies/VPNs but does not demand secret tokens or unrelated credentials, which is proportional to its purpose.
- Persistence & Privilege
- okalways is false, no modifications to other skills or agent config are requested, and autonomous invocation is the platform default. The skill does not request elevated persistence or cross-skill access.