Skill v1.0.0
ClawScan security
DOM Capture Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 30, 2026, 1:40 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a DOM-capture/screenshot library; the main risks are importing remote code (unpkg) and optional use of CORS proxies/plugins, which could be misused for exfiltration if you pull untrusted code or proxies.
- Guidance: This skill appears coherent for taking DOM screenshots. Before installing or using it:
  1) Prefer installing a pinned npm release (npm i @zumer/snapdom@<version>) rather than importing the latest bundle from unpkg, to avoid unexpected remote code changes.
  2) Be cautious about supplying or accepting arbitrary CORS proxy URLs (useProxy) or installing third-party plugins; those could forward captured images or execute code you did not intend.
  3) If you run captures inside an automated browser (xbrowser.evaluate), treat returned data URLs as sensitive (they contain image data) and avoid sending them to untrusted endpoints.
  If you need higher assurance, inspect the published package contents (the npm package or a tagged GitHub release) and audit any plugins you install.
Review Dimensions
- Purpose & Capability (ok): Name, description, and runtime instructions all describe DOM-to-image capture and exporting; required items (none) are proportional to the stated purpose.
- Instruction Scope (note): SKILL.md stays within the capture/export scope but repeatedly recommends importing the package from a CDN (unpkg) and shows an xbrowser evaluate pattern that returns a data URL. Those patterns are expected for this functionality but create natural exfiltration vectors (returning image data, using a proxy URL, or registering plugins that run arbitrary code). The instructions do not ask for unrelated files, env vars, or system state.
- Install Mechanism (note): Instruction-only skill (no install spec). Examples instruct users to install via npm or load from the unpkg CDN. Using unpkg is common and reasonable, but it means code is fetched dynamically from a remote host rather than a pinned local artifact; consider pinning versions or installing from trusted package sources.
- Credentials (ok): No environment variables, credentials, or config paths are requested. That matches the skill's functionality.
- Persistence & Privilege (ok): The always flag is false and the skill is user-invocable only. It does not request permanent presence or system-wide configuration changes.
