Skill v1.0.0
ClawScan security
MIS Logbook Submit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 17, 2026, 1:10 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (automating MIS logbook submission) is plausible, but its metadata, instructions, and shipped script are inconsistent about where secrets and activity text come from and it has no install spec for the Playwright automation it requires.
- Guidance: This skill appears to implement the declared MIS logbook submission workflow, but there are mismatches you should address before installing or using it:
  - Verify and protect credentials: the script expects MIS_NETID and MIS_PASSWORD in ~/.openclaw/secrets/mis.env (or pointed to by MIS_ENV_FILE). The registry metadata did not list these—ensure you only store credentials in a safe location and that the agent will not echo them. Review the code yourself before placing secrets where the script will read them.
  - Confirm where activity text is produced: the JS expects the activity summary on stdin. SKILL.md asks the agent to gather commits and synthesize a summary first; make sure your agent or workflow performs that step and prompts you for confirmation before submission (the script will submit immediately once it receives text).
  - Install dependencies from trusted sources: the script requires Playwright and a Chromium runtime but provides no install instructions. Install Playwright/Chromium from the official sources (npmjs.com/package/playwright or Playwright docs) rather than trying to satisfy the script's hard-coded require paths.
  - Test in a safe environment: run the script in a sandbox or with a test account first to verify behavior (check it does not submit duplicates and respects the approval-first flow).
  - Request fixes from the author if possible: the manifest should declare required env vars and provide an explicit install spec or clear dependency instructions so users don't accidentally install or run binaries from unexpected locations.

  If you cannot validate these items, treat the skill as untrusted and avoid placing real credentials where the script will read them.
Review Dimensions
- Purpose & Capability (note): The stated purpose (submit MIS KP logbook) matches the included automation script and workflow docs. However the declared registry requirements list no environment variables while both SKILL.md and scripts/submit-logbook.js expect a local credentials file (default ~/.openclaw/secrets/mis.env or MIS_ENV_FILE). That mismatch between metadata and actual requirements is incoherent and should be fixed.
- Instruction Scope (concern): SKILL.md and references/workflow.md instruct the agent to 'gather same-day commits from GitHub/GitLab' and to use Playwright and local secrets. The shipped script does not gather commits—it expects the synthesized activity text on stdin—and does read a secrets file from the user's home directory. This split responsibility (agent gathers evidence and sends text on stdin; script performs login/submission) is not documented in the manifest and could lead to accidental credential exposure or mistaken assumptions about what the agent will do automatically. The workflow also instructs sending drafts to users and awaiting explicit confirmation—which is good practice—but that behavioral check relies on the agent implementing it (not enforced by the script).
- Install Mechanism (concern): There is no install spec. The Node script requires Playwright but does not install it; requirePlaywright attempts to require Playwright from several nonstandard global paths. That creates friction and potential confusion about how Playwright gets installed (and which distribution). A missing, clear install step increases risk of accidental installation from ad-hoc locations if a user attempts to satisfy the dependency. The script also launches Chromium headless via Playwright—so a browser runtime and Playwright are required but not declared.
- Credentials (note): The only credentials the script needs are MIS_NETID and MIS_PASSWORD from a local env file—this is proportionate to the stated purpose. However the skill metadata does not declare these required environment variables or the MIS_ENV_FILE override, so the manifest understates the credential access. The script reads a file from the user's home (~/.openclaw/secrets/mis.env) which is expected but not documented in the registry metadata.
- Persistence & Privilege (ok): The skill does not request permanent 'always' inclusion, does not modify other skills or global agent settings, and does not request elevated system privileges. It reads a local file and launches a headless browser for automation—these behaviors are expected for this task.
