v1.0.0

Web + Desktop Automation

Benign. ClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

This is a transparent browser and desktop automation toolkit, but it can operate logged-in websites and local apps, so users should confirm sensitive actions.

Guidance: This skill appears coherent and purpose-aligned. Before installing or using it, be aware that it can drive browsers and desktop applications, including logged-in websites and local files. Keep tasks narrowly scoped, review installed dependencies, and require confirmation before any action that changes accounts, uploads files, submits forms, deletes data, or edits important local documents.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
- Filling forms, clicking buttons, logging in
- Downloading or uploading files
- Controlling desktop apps with mouse/keyboard

These capabilities are central to the stated automation purpose, but they allow high-impact interactions with websites, accounts, files, and local applications if used carelessly.

User impact: The agent could click buttons, type into apps, submit forms, or upload/download files as part of a user-requested workflow.
Recommendation: Use the skill only for clearly specified tasks, and require explicit confirmation before submissions, uploads, purchases, deletions, account changes, or other consequential actions.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
references/dependencies.md
pip install playwright pyautogui opencv-python pillow
playwright install

The skill relies on external Python packages and Playwright browser binaries. This is disclosed and purpose-aligned, but dependency installation is not captured in an install spec.

User impact: Installing the dependencies adds third-party code and browser binaries to the user's environment.
Recommendation: Install dependencies from trusted package indexes in a controlled Python environment, and review package versions if reproducibility matters.

Cascading Failures
Severity: Low | Confidence: High | Status: Note
references/mixed-example.md
Download a CSV report from a website, open it in a local spreadsheet app, make a small edit, save it, then upload the result back to the website.

The example intentionally chains web download, local desktop editing, and web upload. The documented safeguards reduce risk, but mistakes could propagate from a local edit back into an online system.

User impact: A wrong file edit or upload could affect data in both local files and a remote service.
Recommendation: Keep originals unchanged, save edited outputs separately, verify each phase, and confirm before uploading or submitting changed files.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
references/browser-workflows.md
- Login flows
...
- Reuse authenticated sessions when allowed

The skill contemplates operating within logged-in web sessions. That is expected for browser automation, but it means actions may be taken under the user's account authority.

User impact: If used on logged-in sites, the agent may access private account data or perform actions as the user.
Recommendation: Approve which account or session may be used, avoid sharing unnecessary credentials, and confirm any account-changing action before it is performed.