Skill v1.0.0
ClawScan security
junxuan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:20 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a browser-automation CLI (agent-browser) but metadata, required binaries, and provenance don't line up — it directs network installs/builds and the package/source should be verified before installing.
- Guidance: This SKILL.md appears to describe the 'agent-browser' CLI but the skill registry entry is named 'junxuan' with no homepage and a different owner id — that mismatch is suspicious. The instructions tell you to run network installs (npm install -g, git clone, pnpm build) and an 'agent-browser install' step that likely downloads native components; these operations should only be run after you verify the package and upstream repo. Before installing or running this skill: (1) confirm the npm package name and publisher on the official npm registry; (2) verify the GitHub repository and its maintainers (ensure the URL is correct and matches the package); (3) avoid running global installs or build steps as root — run them in an isolated environment or container; (4) note the SKILL.md references tools not listed in required binaries (git, pnpm) — ensure the runtime has the expected tooling and review what 'agent-browser install' does (network endpoints, binaries downloaded). If you can't verify the source/publisher, treat the skill as untrusted and do not run its install commands on sensitive hosts.
Review Dimensions
- Purpose & Capability (note): SKILL.md documents a browser automation CLI (agent-browser) and the requested binaries (node, npm) are consistent with an npm-distributed CLI. However, the skill registry entry (name: junxuan, no homepage, unknown source) and the included _meta.json refer to agent-browser/agent-browser packaging; the mismatch between the skill slug/owner and the documented upstream is anomalous and worth verifying.
- Instruction Scope (note): Instructions stay within the expected scope of a browser automation CLI (navigate, snapshot, interact, record, set headers/credentials). They instruct network operations (npm install -g, git clone, pnpm build) and running an 'agent-browser install' step which may download native components — expected for such a CLI, but the documentation is vague about what 'install' does and what network endpoints it contacts.
- Install Mechanism (concern): The skill has no formal install spec, but SKILL.md instructs doing npm global installs, git clone from GitHub, and pnpm build. Those steps perform network downloads and native builds; the registry metadata did not declare git or pnpm as required binaries. Lack of declared install instructions plus external downloads increases risk — verify the npm package and upstream repository before running installs.
- Credentials (ok): The skill does not request environment variables or credentials in the registry metadata. Runtime commands include options to set HTTP basic auth or headers, but those are CLI actions and not declared env requirements. No disproportionate credential requests were found in the manifest.
- Persistence & Privilege (ok): The skill is not always-on, does not request config paths, and uses the platform default for autonomous invocation. Nothing in the metadata suggests it will forcibly persist or modify other skills or system-wide settings.
