Skill v0.1.0
ClawScan security
Webperf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 10:54 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (running browser JS snippets to audit web performance) matches its instructions, but it advertises 47 snippets without packaging them or explaining where the actual snippet code is to be fetched from. That is an operational gap you should understand before use.
- Guidance: This skill appears to be a set of DevTools snippets for auditing web performance, and it instructs the agent to run scripts in the browser via MCP; that is expected behavior for such a tool. However, the package does not include the snippets it advertises: the SKILL.md references a GitHub repository but provides no automated fetch step and no included script content. Before using it: (1) establish where the snippet code will come from by inspecting the referenced GitHub repo yourself, and note which commit you reviewed so a later push cannot silently change what runs; (2) run only snippets you trust, and read the code before evaluating it on real sites; and (3) avoid running the snippets on pages containing sensitive data (logged-in sessions, payment pages, etc.), since an arbitrary console script runs with the page's full privileges and can read page content, cookies and storage and send them to a third party. If the skill is intended to fetch scripts from the repo automatically, ask the maintainer to add explicit fetch/install steps and to ship vetted snippets in the package so you can audit them.
Review Dimensions
- Purpose & Capability
- note: Name and description match the runtime instructions; the skill is meant to run JavaScript snippets in Chrome DevTools to audit web performance. However, the SKILL.md advertises a collection of 47 snippets and multiple sub-skills, while the skill package contains no snippet code or included assets, only the SKILL.md. It is unclear where the agent is expected to obtain the snippet source: the README points to a GitHub repo, but the skill provides no install or fetch step.
- Instruction Scope
- concern: Instructions explicitly direct the agent to use MCP actions (mcp__chrome-devtools__navigate_page, evaluate_script, get_console_message) to run snippets in the target page, which is coherent for a webperf tool. The concern is that the SKILL.md tells the agent to "load the skill's skill.md to see available snippets and thresholds," but the packaged SKILL.md contains neither the snippets themselves nor instructions to fetch them from the referenced repository. Running arbitrary JS in a user's page can expose page data; the skill gives the agent freedom to evaluate scripts but neither includes nor vets those scripts.
- Install Mechanism
- ok: No install specification and no code files are present, which minimizes the risk of arbitrary code being written to disk by the installer. Because this is instruction-only, there is nothing to download or extract at install time.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. No unexpected secrets or external service tokens are required.
- Persistence & Privilege
- ok: The always flag is false and the skill is user-invocable; it does not request persistent or elevated privileges. Autonomous invocation is allowed by default, but it is not combined here with other high-risk requirements.
