Skill v1.0.0

ClawScan security

Competitor Spy Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 3:28 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (website/price/keyword monitoring) is plausible, but the SKILL.md and registry metadata disagree about what credentials and tools are required and the instructions ask for capabilities (screenshots, email-flow monitoring, Google Sheets) that aren't reflected in the declared requirements — this mismatch warrants caution before installing or supplying secrets.
Guidance
Before installing or providing secrets, verify these points:
(1) Confirm which env vars are actually required — ask the publisher to fix registry metadata so GOOGLE_SHEETS_API_KEY, GOOGLE_SHEET_ID, BROWSERLESS_API_KEY, and MAILGUN_API_KEY are declared if used.
(2) Don't supply high-privilege credentials: create limited, quota-restricted API keys and a dedicated Google service account with access only to a single sheet. Treat the Slack webhook as a secret scoped to a single channel.
(3) Ask how screenshots and 'email signup flow' monitoring are implemented (headless browser vs external service); if an external service is used, verify its domain and privacy practices.
(4) Review the upstream repository (homepage) and request the actual implementation code for audit — this skill is instruction-only, so the agent will perform network actions at runtime; you should be able to inspect the code that will run.
(5) Ensure scraping complies with targets' robots.txt and Terms of Service and avoid capturing PII.
(6) If you proceed, test in a sandbox account first (limited keys, test sheet, isolated Slack channel).
These inconsistencies aren't definitive proof of malice, but they increase risk — fix the metadata and review the implementation before granting secrets.

Review Dimensions

Purpose & Capability
Status: concern
The skill claims scraping, SERP tracking, Slack alerts, and Google Sheets logging. Registry metadata declares COMPETITOR_DOMAINS, SERP_API_KEY, and SLACK_WEBHOOK_URL, which align with the core features, but SKILL.md also references GOOGLE_SHEETS_API_KEY, GOOGLE_SHEET_ID and optional BROWSERLESS_API_KEY and MAILGUN_API_KEY that are not listed in requires.env. SKILL.md describes screenshots and HTML snapshots (which normally require a headless browser or browserless service), but the required binaries only list curl and grep. These omissions are inconsistent with the described capabilities.
Instruction Scope
Status: concern
SKILL.md instructs the agent to create config files, call external services (SerpAPI, Slack, Google Sheets, optional Browserless/Mailgun), scrape pages, capture screenshots and even 'monitor email signup flows.' The runtime instructions reference additional env vars and services not declared in the registry. Monitoring email signup flows and capturing screenshots can record sensitive information (PII, form contents). The instructions are broad and include actions that could collect more data than the user expects.
Install Mechanism
Status: ok
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That lowers install-time risk. However, runtime network activity is implied by the instructions.
Credentials
Status: concern
Three required env vars are declared (COMPETITOR_DOMAINS, SERP_API_KEY, SLACK_WEBHOOK_URL). SKILL.md also requires or mentions GOOGLE_SHEETS_API_KEY, GOOGLE_SHEET_ID and, optionally, BROWSERLESS_API_KEY and MAILGUN_API_KEY; those are not declared in the registry. Slack webhooks, Google service account keys, and API keys are sensitive — the skill asks for multiple secrets without declaring them consistently or naming a primary credential. This is disproportionate and unclear.
Persistence & Privilege
Status: ok
The always flag is false; the skill is user-invocable and can be invoked autonomously (platform default). There is no install step that modifies other skills or system-wide configs. No elevated persistence is requested.