Skill v0.1.0

ClawScan security

Add Directories · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 7:46 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The instructions match the stated purpose (parsing, deduplicating, appending, and verifying directories) but the skill omits required tools, files, and any credential guidance while instructing potentially sensitive automated submissions — the pieces are inconsistent and warrant caution.
Guidance
Before using/installing this skill:
- Understand this is instruction-only: it assumes a local project with .venv, Python scripts (analyze_directories.py, browser_verify.py, submit_directories.py, etc.), Playwright and the GitHub CLI. Confirm those files/tools exist in your repo/environment.
- Do not auto-run the submit step until you review the submit_directories.py PRODUCT dict: it asks you to place product/account details (credentials) into code. Avoid committing secrets or storing them in plaintext. Prefer environment variables or a secrets manager.
- Automated submissions will interact with external websites (fill forms, handle OAuth, upload files). Use a test account and sandbox runs first to avoid unintended submissions or leaks.
- Back up directories.json before running the pipeline and run the analysis/cleanup/browser verification steps in dry-run mode to see what would be submitted.
- If you plan to let the agent invoke this autonomously, be aware it could drive browser flows that require credentials and could cause external side effects; consider disabling autonomous invocation or restricting the skill until you verify it.
- Ask the author/maintainer for a clear manifest of required binaries and a safe mechanism for supplying credentials (env vars or interactive prompting), or provide those dependencies locally yourself before running any automated submit steps.

Review Dimensions

Purpose & Capability
concern: The SKILL.md expects a local project with Python scripts, a .venv, Playwright, and the GitHub CLI (gh) to exist and be runnable, but the skill metadata claims no required binaries, env vars, or install steps. That mismatch suggests the skill assumes an external codebase/environment that is not declared; the declared purpose alone does not justify omitting those requirements.
Instruction Scope
concern: Instructions tell the agent to read and write directories.json and other local files, run networked analysis scripts, drive Playwright to visit and interact with many third-party submission pages, discover form fields, and perform automated submissions (including handling OAuth popups and file uploads). This is within the stated goal, but it also opens paths to transmit data to external sites and requires credentials and local code edits (the PRODUCT dict) that the skill does not declare or constrain.
Install Mechanism
concern: There is no install spec, yet the workflow relies on a Python virtual environment, Playwright, and gh CLI. Because the skill will instruct running .venv/bin/python and Playwright-driven browsers, the absence of declared install steps or required binaries is an incoherence risk: a user may run commands expecting scripts that aren't present or may be instructed to install heavy packages without guidance.
Credentials
concern: The skill declares no required environment variables or credentials, but the workflow clearly needs GitHub auth (gh), possibly Google or other OAuth credentials for manual flows, and product/account details to auto-submit (the PRODUCT dict). Those secrets are not surfaced or protected in the instructions, increasing the risk of accidental credential exposure or storing secrets in code.
Persistence & Privilege
ok: The skill does not request always:on or other elevated platform privileges. It instructs edits to local project files (directories.json, submission_plan.json, submit_directories.py) and running local scripts, which is expected for this task and stays within the repository scope.