Skill v4.0.1

ClawScan security

Content Catcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 5:17 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement a powerful web/video scraping tool, but its files, runtime instructions, and packaging contain multiple mismatches and unexplained privileges (browser-request-header manipulation, local file access, missing install guidance), so you should review before installing or running.
Guidance

This package bundles a capable scraper/downloader and also browser-extension code that can modify request headers, read page DOM, and write files on your machine. It has several inconsistencies: SKILL.md mentions dependencies (Playwright, yt-dlp, weasyprint) but the registry lists none; instructions reference files/scripts and paths that don't line up with the manifest; extension code expects Chrome extension permissions (declarativeNetRequest, downloads, runtime) but there's no install guide or permission disclosure.

Before installing or running:

1) Don't run scripts as your primary account; use an isolated VM or container.
2) Inspect any places that set remote URLs or MITM endpoints (e.g., streamSaver/ffmpeg endpoints) to ensure they point to trusted services.
3) If you plan to use the extension pieces, review and audit required browser permissions and the extension manifest (not included); granting declarativeNetRequest and downloads allows header/cookie injection and arbitrary file downloads.
4) Verify missing files and paths referenced in SKILL.md (e.g., content-watcher.js) and ensure you have trustworthy provenance (homepage/author).
5) If you lack the ability to audit, avoid installing or run only in a sandboxed environment.

Additional information that would raise confidence: a clear install script, an extension manifest showing requested permissions, a homepage/repo with commits, and explicit justification for header-modification behavior.

Review Dimensions

Purpose & Capability
Concern: The SKILL.md describes a Node/Python-based web scraper + video downloader that expects Playwright, yt-dlp, weasyprint, etc., but the registry metadata lists no required binaries or environment. The bundle includes browser-extension style files (chrome.* APIs, declarativeNetRequest) alongside CLI scripts; it is unclear which parts are expected to run where. The skill reads/writes local paths (e.g., ~/.clips, Desktop) and uses request-header modification APIs; these capabilities are coherent with a scraping/downloader tool but are broader than the declared requirements and lack clear installation instructions or permission disclosures.
Instruction Scope
Concern: SKILL.md runtime instructions instruct running node and python scripts to fetch pages, extract media, export PDF, and download video. The instructions reference additional scripts (e.g., content-watcher.js, content-watcher folder paths, video_catcher/ path) that are not present or whose locations do not match the provided manifest, which is inconsistent. The code will access local files (e.g., ~/.clips/clips.json), write output to the user's Desktop, and the extension code can read page DOM, enumerate media, and post messages to background pages. Those behaviors go beyond simple 'convert a webpage to markdown' (they include network request header modification, streaming to ffmpeg, and download management).
Install Mechanism
Note: There is no install spec in the registry (no package manager install/download instruction), but a full set of scripts and browser-extension-like files are included in the skill bundle. That mismatch is notable: the skill supplies code that will be present in the agent environment, but there is no documented install step, dependency installation, or manifest for the extension pieces. This is not direct remote code download, but running the included code will execute substantial functionality on the host.
Credentials
Concern: The skill declares no required environment variables or credentials, which superficially looks safe. However, the code accesses and writes local files (e.g., ~/.clips/clips.json, Desktop), manipulates browser network rules via chrome.declarativeNetRequest.updateSessionRules (ability to inject/modify request headers and cookies), and can stream data to ffmpeg or remote stream-saver MITM endpoints configured at runtime (G.streamSaverConfig.url). Those actions require sensitive permissions in a browser context and access to local filesystem/network resources; the SKILL.md does not call out or justify these privileges explicitly.
Persistence & Privilege
Concern: The skill is not marked always:true, and it requests no declared persistent credentials, but the included extension-like code is written to interact with chrome.runtime, declarativeNetRequest session rules, chrome.downloads, and localStorage. If installed into a browser extension context, it would require elevated permissions to modify headers and downloads and could persist state (clip logs, keys). The package provides no clear boundary on whether these components are meant to be installed as a browser extension or just run as scripts; that ambiguity increases risk.