Skill v1.0.0

ClawScan security

ChatGPT Image Tailnet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 9:56 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose (using a remote Camoufox browser over a tailnet to generate and capture ChatGPT images); it requests no unrelated credentials and has no install steps, but it will connect to an internal HTTP service and write downloaded files to disk — inspect/confirm the remote endpoint before use.
Guidance
This skill appears internally consistent, but before installing you should: (1) verify you trust the default remote base (http://100.89.48.48:9377) or override it to a known-good Camoufox instance — the skill will communicate with that internal HTTP service and that service may have access to a logged-in ChatGPT browser session; (2) inspect the bundled Python script (it is small and included) and confirm you are OK with it writing downloaded images to disk (it creates a generated/ path by default or an explicit --output); (3) avoid using it if you don't trust the tailnet endpoint or if connecting to internal network services from agents is disallowed in your environment. No credentials are requested by the skill, and there are no opaque external downloads, which reduces risk.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: the script drives a remote browser API (open tabs, type/click, evaluate JS, read downloads) at a tailnet IP to generate and save ChatGPT images. Nothing requested (no env vars, no extra binaries) is outside this scope.
Instruction Scope
note: Instructions stick to driving the remote browser and saving the resulting download. They explicitly prefer the remote tailnet base and instruct the agent not to switch exit nodes. Note: the skill will make HTTP calls to a supplied base URL (default 100.89.48.48:9377) and will write the downloaded image to disk; those network/file actions are expected for this purpose and should be reviewed by the user for trust in the remote service.
Install Mechanism
ok: No install spec; the skill is instruction + a small Python helper script. Nothing is downloaded or executed automatically beyond running the bundled script with system Python.
Credentials
ok: The skill requests no environment variables or credentials. The only implicit trust is in the remote browser service reachable at the base URL; no unrelated secrets are requested.
Persistence & Privilege
ok: always is false and the skill does not request permanent presence or modify other skills. It can be invoked autonomously per platform defaults, which is expected for skills.