ClawHub

Auto-AI Web Bridge

SuspiciousAudited by ClawScan on May 10, 2026.

Overview

The skill’s web-bridge purpose is clear, but it asks the agent to collect and possibly save Claude/Gemini login credentials without clear credential-scope or storage controls.

Install only if you are comfortable using Claude/Gemini web accounts through the agent. Avoid sharing passwords; log in manually where possible, do not allow credential persistence unless the storage method is clear, and avoid submitting confidential code or sensitive prompts without explicit approval.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ConcernHigh Confidence
ASI03: Identity and Privilege Abuse
What this means

A user could be prompted to give the agent passwords or account access for Claude/Gemini, potentially including a Google account, with unclear handling after use.

Why it was flagged

The skill instructs the agent to request third-party account credentials, use them for login, and potentially persist them, but it does not specify credential scope, storage location, retention, or safeguards.

Skill content
Se NON loggato: chiedi credenziali all'utente ... Dopo aver ricevuto credenziali, prova il login ... Salva le credenziali in modo sicuro se l'utente le fornisce
Recommendation

Do not provide passwords to the agent. Prefer official APIs, OAuth/device login, or manual browser login, and require the skill to declare exactly what credentials are needed and how they are stored or discarded.

NoteHigh Confidence
ASI07: Insecure Inter-Agent Communication
What this means

Private prompts, code snippets, or project details may be processed by Claude or Gemini through their web interfaces.

Why it was flagged

The skill sends user prompts, and potentially code or image-generation requests, to external provider web interfaces. This is purpose-aligned, but users should understand the data boundary.

Skill content
Codice → Usa Claude AI (https://claude.ai) ... Immagini → Usa Gemini (https://gemini.google.com) ... inserisci il prompt
Recommendation

Only use this skill with data you are comfortable sending to those providers, and get explicit user approval before submitting confidential code or sensitive prompts.