Skillv1.0.0

ClawScan security

Web Navigator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 17, 2026, 3:28 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill claims to provide web browsing/navigation but the provided SKILL.md is an unfinished template with no runtime instructions or justification for required capabilities, leaving its intended behavior unclear.
Guidance: This skill is currently an incomplete template and does not contain the runtime instructions needed to safely understand what it will do. Do not rely on it yet. Ask the publisher for: (1) a completed SKILL.md with concrete, step-by-step runtime instructions describing how web pages are accessed, what data is read, and where results are sent; (2) the source code or homepage and an author identity you trust; and (3) any required credentials or third-party services explained and justified. Because it claims web navigation but provides no constraints, installing it as-is is ambiguous — if you consider enabling it later, require explicit, narrow instructions (allowed domains, data handling rules, and no automatic credential exfiltration) before granting access.

Review Dimensions

Purpose & Capability: concernThe name/description say the skill enables interactive browsing and navigation, but there are no declared dependencies, no network or browser tooling described, and no explicit instructions for how to perform web navigation. This mismatch (claiming a network-capable feature but providing no mechanism, requirements, or examples) is incoherent and requires clarification from the author.
Instruction Scope: concernThe SKILL.md is essentially an unfinished template (TODOs) and contains no concrete runtime instructions, decision trees, or constraints. Because there are no explicit instructions, an agent invoking this skill would not have a bounded workflow to follow — that ambiguity can lead to broad or unexpected agent behavior if the platform attempts to use the skill anyway.
Install Mechanism: okThere is no install spec and no code files (instruction-only). That minimizes immediate supply-chain risk because nothing is downloaded or written to disk, and there is nothing for the static scanner to analyze.
Credentials: noteThe skill requests no environment variables, credentials, or config paths — which reduces risk. However, for a genuine web-browsing capability you'd expect at least guidance about network access, user-agent, or optional site credentials; the absence of any such declarations adds to the incoherence noted above.
Persistence & Privilege: okThe skill does not request always: true and is user-invocable only. It does not declare any ability to modify other skills or persistent agent settings. No elevated persistence is requested.