Skill v1.0.0

ClawScan security

mufi-admin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 3:34 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The instructions match the stated admin task, but the skill assumes an authenticated browser session (mentions a specific profile) and uses DOM-eval automation without declaring any authentication or credential handling — this mismatch merits caution.
Guidance
This skill is an instruction-only guide for automating MUFI admin UI tasks; the content itself matches that purpose. However, it assumes an authenticated browser session (mentions a profile named 'openclaw') but does not explain how to authenticate or how credentials are handled. Before installing or allowing autonomous use:
1) Confirm how you will provide authentication (do not upload or share full browser profiles unless you trust the skill/source).
2) Prefer manual review or sandboxed testing of the DOM-eval snippets; they execute clicks and could save unintended changes.
3) If you plan to allow autonomous invocation, restrict or monitor runs so the skill can't perform wide-ranging admin changes without human approval.
4) Ask the publisher for clarification about authentication and whether the 'openclaw' profile is required or a local convenience tip.
If you cannot verify those details, treat this skill cautiously or test it in a non-production environment first.

Review Dimensions

Purpose & Capability
note: The SKILL.md describes exactly the MUFI admin UI workflows (events, campaigns, frame templates, frames), so the required actions align with the stated purpose. However, the skill does not declare any credentials or auth mechanism while the admin site necessarily requires login, which is an unexplained omission.
Instruction Scope
concern: Instructions include precise DOM manipulation snippets (document.querySelector / evaluate to click date cells and save buttons) and recommend using a browser profile named 'openclaw'. These runtime instructions directly manipulate the admin UI and assume access to a logged-in browser profile; they do not describe authentication, nor do they limit or validate actions, which could cause unintended admin changes if run autonomously.
Install Mechanism
ok: No install spec or external code is provided; the skill is instruction-only, so it does not write files or download archives.
Credentials
note: No environment variables or credentials are requested, yet the skill expects use of a specific browser profile and an authenticated session. The absence of declared credential handling is a proportionality gap: the agent will need access to a logged-in session but the skill gives no guidance on safe handling of those credentials or sessions.
Persistence & Privilege
note: always:false (normal). The skill can be invoked autonomously (platform default). Given it performs admin UI actions, autonomous invocation could make sensitive changes; this is not a platform misconfiguration but is operationally significant and should be considered before enabling autonomous runs.