Skill v0.1.0

ClawScan security

Markdown Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 18, 2026, 7:37 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose: it post-processes an existing web_fetch result (normalizes content, applies simple policy logic, and redacts URL pieces) and does not request unrelated credentials or perform unexpected network access.
Guidance
This skill appears coherent and limited in scope: it processes an existing web_fetch JSON, normalizes text, computes a simple policy decision from a Content-Signal header, and redacts URL parts. Things to consider before installing:
(1) npm install will fetch the 'turndown' package from the public registry; audit that dependency if you need supply-chain assurance.
(2) Redaction is heuristic: query values are replaced with '[redacted]' for parameter names that match a short sensitive list and '[masked]' otherwise. This may not catch all secrets, so don't rely on it as a perfect sanitizer.
(3) The policy decision logic is simple (ai-input yes/no/other -> allow/block/needs_review) and depends on correctly formed headers; malformed headers may yield 'needs_review'.
(4) The skill does not make network requests itself, but it will output whatever is in the supplied web_fetch_result, so ensure the source of that JSON is trusted.
Overall the skill is internally consistent with its stated purpose.

Review Dimensions

Purpose & Capability (ok)
Name/description describe a wrapper for OpenClaw web_fetch results. The included code implements exactly that: it accepts a web_fetch JSON, normalizes content (markdown/html/text), parses a Content-Signal header to decide policy_action, and redacts URL components. No unrelated credentials, binaries, or system resources are required.
Instruction Scope (ok)
SKILL.md instructs callers to call the official web_fetch and pass its JSON into this wrapper. The implementation follows that contract (no direct HTTP calls, reads only the provided web_fetch_result and optional headers, outputs normalized JSON). The wrapper only reads stdin or a specified input file and does not access other files or environment variables.
Install Mechanism (note)
No install spec in the registry (instruction-only), but package.json declares a dependency on the npm package 'turndown'. The SKILL.md recommends running 'npm install' in the skill directory to satisfy that dependency. This is a standard, low-risk mechanism but does involve fetching a third-party npm package (audit if you require stronger supply-chain guarantees).
Credentials (ok)
The skill declares no required environment variables, credentials, or config paths. The code does not read environment credentials. It only processes input JSON and optional header strings; the set of requested inputs is minimal and proportional to the described functionality.
Persistence & Privilege (ok)
The skill does not ask for persistent presence (always:false) and does not modify system- or other-skill configuration. It is a local processing wrapper and does not attempt to persist credentials or escalate privileges.