v1.0.0

Lucasyao1985/clawdchat-analysis

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:16 AM.

Analysis

This skill appears to do what it says—browse Moltbook, analyze public posts, and save a local report—but users should notice its browser automation, external-source installation notes, and local data retention.

Guidance

This looks safe to install if you want a Moltbook analysis helper. Before using it, verify any GitHub source you install from, make sure you are comfortable enabling Playwright/browser automation, and remember that generated reports are based on untrusted public posts and may be saved locally.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
browser_navigate("https://moltbook.com") ... top_posts = extract_posts_from_snapshot(browser_snapshot()) ... for post in high_value_posts: browser_navigate(post.url) ... post.comments = extract_comments(limit=30)

The skill instructs browser automation to navigate Moltbook, switch feeds, visit post pages, and collect comments. This is central to the stated scraping/analysis purpose and includes limits, but it is still browser-tool activity a user should expect.

User impact: When invoked, the agent may browse Moltbook pages and collect public posts/comments to build a report.
Recommendation: Use it only when you intend to run a Moltbook crawl, and keep browser automation scoped to Moltbook and the documented read-only workflow.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
README.md
git clone https://github.com/yangliu2060/clawdchat-analysis.git ~/.claude/skills/clawdchat ... Claude Code with Playwright MCP (for browser automation)

The README documents a manual external GitHub clone into the skills directory and a Playwright MCP dependency, while the registry record has no install spec. This is not hidden or automatic, but users should verify the external source and dependency before installing.

User impact: Installing from the documented GitHub source could add or update local skill instructions outside the reviewed registry package.
Recommendation: Install only from a trusted source, confirm the repository matches the reviewed skill, and enable Playwright MCP only if you are comfortable with browser automation.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
post.full_content = extract_full_content() ... post.comments = extract_comments(limit=30) ... Distill the community's collective wisdom from multiple posts ... Output path: ~/myassistant/chat/moltbook-daily/YYYY-MM-DD.md ... raw/ # raw data (optional)

The workflow brings untrusted public posts/comments into the model context, summarizes them as community wisdom, and stores reports or optional raw data locally. This is expected for the skill, but retrieved content can be noisy or manipulative and may persist.

User impact: A generated report may reflect misleading or prompt-injection-like content from public posts, and saved reports/raw data may remain available for later reuse.
Recommendation: Treat Moltbook content as untrusted input, review reports before acting on recommendations, and periodically clean or limit the stored raw/report files if needed.