Skill v1.2.0
ClawScan security
Supermarket Sales · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict

Benign · Apr 11, 2026, 11:30 AM

- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, dependencies, and instructions are consistent with its stated purpose (fetching Coles/Woolworths specials); there are only minor inconsistencies and routine risks from running browser automation and installing an npm dependency.
- Guidance: This skill appears to do what it says: run it if you want automated supermarket deals, but take normal precautions. Review the included scripts locally before running. Notes and recommendations:
  1. npm install will install puppeteer and typically download a Chromium binary; run this in a sandboxed environment or container if you have concerns about binaries or resource usage.
  2. The scripts use headless browser automation with --no-sandbox (common in containerized CI environments); run in a restricted container if you keep that flag.
  3. Verify the repository/homepage and resolve the small version mismatch if you rely on provenance.
  4. Run npm audit or pin dependency versions to reduce supply-chain risk.
  5. Be aware of websites' terms of service; scraping may be rate-limited or disallowed, so avoid heavy automated polling.

  If you want higher assurance, ask the maintainer for a release tag/commit hash and reproduce npm install in an isolated environment first.
Review Dimensions

- Purpose & Capability (ok): Name/description match the provided code and instructions. The included Node scripts and shell script fetch Coles and Woolworths (via aggregators and/or Puppeteer) and package.json declares puppeteer as expected. Minor inconsistencies: SKILL.md says Woolworths uses aggregators because the official site blocks automation, yet fetch_with_puppeteer.js attempts to load the Woolworths catalogue page directly; package.json version (1.1.0) differs from registry metadata (1.2.0). These appear to be cosmetic/maintenance issues, not indicators of misdirection.
- Instruction Scope (ok): SKILL.md instructs the agent/user to run npm install and the provided scripts, and offers web_fetch/web_search_plus alternatives. Runtime instructions and scripts are narrowly scoped to fetching pages and extracting price text. They do not instruct reading local secrets, scanning unrelated files, or sending data to third-party endpoints beyond the listed supermarket sites and aggregator domains.
- Install Mechanism (note): There is no registry install spec, but package.json requires puppeteer and SKILL.md tells users to run npm install. Puppeteer will download/launch a Chromium build by default (or require manual install). This is an expected dependency for browser automation but carries the normal npm supply-chain and binary download risks; the install mechanism itself is standard and traceable (npm).
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The scripts only perform network requests to supermarket/aggregator sites and do not access local secrets or unrelated services.
- Persistence & Privilege (ok): always is false and the skill does not request elevated persistence or modify other skills/system settings. disable-model-invocation is default (allowing autonomous invocation), which is normal; nothing in the skill combines autonomous invocation with broad credential access or other red flags.
