Skill v0.1.4
ClawScan security
deep-scout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 12:34 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, prompts, and runtime instructions are coherent with its stated purpose (a multi-stage web research pipeline) and do not request unrelated credentials or unusual install actions.
- Guidance
- This skill appears to do what it says: it runs a search → filter → fetch → synthesize pipeline using agent web tools and LLM prompts. Before installing, be aware of these practical points: 1) The skill will fetch arbitrary web pages and send their extracted text to the LLM — avoid using it for highly sensitive/private queries or internal URLs you don't want shared with the model. 2) It may run local shell scripts (run.sh, firecrawl wrapper). The package includes sanitization and an output-path check, which is good, but you can review those scripts yourself before enabling. 3) Firecrawl is optional and only invoked if present locally; otherwise the wrapper reports FIRECRAWL_UNAVAILABLE. 4) The agent will be able to invoke the skill normally (autonomous invocation is the platform default); if you prefer manual control, only call it interactively. If you'd like greater assurance, inspect scripts/run.sh and prompts locally, and test with non-sensitive queries first.
Review Dimensions
- Purpose & Capability
- ok: Name and description (web search → filter → fetch → synthesize) match the actual behavior: it calls web_search/web_fetch, uses LLMs for filtering/synthesis, and optionally uses a local Firecrawl CLI or the browser tool. Required binaries (bash, python3, timeout/gtimeout) and included scripts are proportional to the described functionality.
- Instruction Scope
- note: SKILL.md and scripts explicitly instruct the agent to fetch arbitrary web URLs and feed extracted content to LLMs (expected for a research tool). The run.sh includes query sanitization and output-path restrictions as mitigations. Users should note that fetched page content (including snapshots) will be sent to the LLM — this is intended but a privacy consideration.
- Install Mechanism
- ok: No install spec (instruction-only) and included shell scripts only; no remote downloads are performed by an installer. The optional Firecrawl integration calls a local CLI if present. This is a low-risk install footprint.
- Credentials
- ok: The skill requests no environment variables, no credentials, and no config paths. That aligns with its purpose: it leverages agent-provided tools (web_search, web_fetch, browser) rather than external API keys.
- Persistence & Privilege
- ok: always:false (default) and no code attempts to modify other skills or system-wide agent settings. The skill writes its own state to a skill-local state file (deep-scout-state.json) — expected for resumability.
