Skill v1.0.0

ClawScan security

accessibility-auditor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 10:07 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an instruction-only accessibility auditor skill whose requirements and instructions align with its stated purpose and do not request unrelated credentials, installs, or system access.
Guidance
This skill is internally consistent and appears to be purely instructional. Before running any of the example code, ensure you: (1) run audits only on sites you own or have permission to scan, (2) install and sandbox required tooling (Playwright, axe-core, Lighthouse) in a controlled environment, and (3) review/adapt example scripts (they contain placeholders and simplified logic) before executing. Because it is instruction-only, it does not request credentials or perform installs itself, but executing the provided code will require you to install runtime dependencies — do so from trusted package sources and run in an environment with appropriate network and permissions controls.

Review Dimensions

Purpose & Capability
ok: Name and description match the provided content: guidance, checklists, and example code for WCAG testing and assistive-technology checks. Declared technical stack (axe-core, Playwright, Lighthouse, etc.) is consistent with accessibility testing.
Instruction Scope
ok: SKILL.md contains guidance, procedures, and references to example test code. It does not instruct the agent to read unrelated system files, access environment variables, or transmit data to unexpected external endpoints. Example code uses page.goto(url) and browser automation as expected for web audits.
Install Mechanism
ok: No install spec and no code files that would be written/executed by an installer. The skill is instruction-only, so nothing is downloaded or installed by the skill itself.
Credentials
ok: The skill requires no environment variables, credentials, or config paths. The example code references common testing libraries (Playwright, axe-core) which are expected; asking for additional credentials would be disproportionate, but none are requested.
Persistence & Privilege
ok: always is false and the skill does not request persistent/system-wide changes or modify other skills. Model invocation is allowed (platform default), which is appropriate for an instruction skill.