v1.0.0

Clipper

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:18 AM.

Analysis

Clipper largely matches its clipping purpose, but it should be reviewed because it automatically writes to and Git-pushes your Obsidian vault and uses a browser profile for some pages.

Guidance

Before installing, confirm you want every clip written into the detected Obsidian vault and automatically committed/pushed to Git. Verify the target vault and Git remote, use a dedicated browser profile for WeChat clipping, and pin/review the external x-reader dependency.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
All saves trigger automatic git sync: `pull --rebase → add → commit → push`

Every save is documented to run a Git command chain that mutates the local repository and pushes to its remote, with no artifact-shown per-save confirmation or opt-out.

User impact: Saving a clip can change the vault repository and publish/sync the new note, and Git push may also propagate existing branch commits depending on the repository state.
Recommendation: Only install if automatic Git sync is desired; otherwise require a confirmation step, disable push by default, or restrict syncing to a dedicated clipping branch/repository.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
`x-reader` for general web: `pipx install 'git+https://github.com/runesleo/x-reader.git'`

The setup points users to install an external CLI directly from a Git repository without a pinned release or commit in the artifacts.

User impact: A future install could fetch different x-reader code than the code reviewed here.
Recommendation: Pin x-reader to a specific release or commit and declare required binaries/install steps in metadata or an install spec.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
browser action=open profile=openclaw targetUrl=<url>

The WeChat workflow opens user-provided URLs with a named browser profile; the artifacts do not state that this profile is clean, isolated, or free of session/cookie context.

User impact: A selected page may be loaded using whatever browser-profile state exists for that profile, which can expose logged-in context to that site.
Recommendation: Use a dedicated low-privilege browser profile for clipping, and disclose or require confirmation before using any profile that may contain logged-in sessions.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/web.py
r'https://wsrv.nl/?url=\\1'

The code rewrites WeChat image URLs through the third-party wsrv.nl image proxy, creating an external data flow that is not described in SKILL.md.

User impact: Saved notes may later load images through wsrv.nl, revealing the proxied image URLs to that service.
Recommendation: Disclose the image-proxy behavior and provide an option to disable it for users who do not want third-party image proxying.