Back to skill
Skillv1.0.2
ClawScan security
Price Gap Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 18, 2026, 3:08 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only price-monitoring helper that requests no installs, binaries, or credentials and its runtime guidance aligns with the stated purpose.
- Guidance
- This skill appears coherent and low-risk, but before installing or using it: (1) Confirm you consent to any browsing of logged-in marketplace pages—do not share credentials; the skill correctly advises asking you to log in rather than doing it itself. (2) Ask the publisher what 'Creatop handoff' means in practice and where actionable outputs would be transmitted or stored (no endpoint is specified). (3) If you plan to provide price snapshots, avoid including sensitive personal data. (4) If future versions add installs, downloads, or environment variables, re-review those changes before enabling the skill.
Review Dimensions
- Purpose & Capability
- okName/description match the SKILL.md: it focuses on product- and category-level price snapshots using user data or browser-collected public pages. There are no unrelated credential or binary requests.
- Instruction Scope
- noteInstructions center on collecting public price signals and on honest reporting. The skill repeatedly recommends using the OpenClaw managed browser and reminds users to log in when needed; this is appropriate but requires explicit user consent before inspecting any logged-in account pages. The SKILL.md mentions a 'Creatop handoff' for actionable outputs but does not specify endpoints—this is ambiguous and worth clarifying.
- Install Mechanism
- okNo install spec and no code files are present; the skill is instruction-only so nothing is written to disk or downloaded during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate to its described functionality.
- Persistence & Privilege
- okalways is false and autonomous invocation is allowed (platform default). The skill does not request elevated or persistent system presence.