Back to skill
Skillv1.0.0
ClawScan security
Browser Download · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 5:40 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and scope are coherent for teaching the agent to download files via the OpenClaw browser tool; it requests no secrets and has no install step.
- Guidance
- This skill appears to do what it says: it teaches the agent to download files using the OpenClaw browser tool and requests no secrets. Before installing, consider: (1) downloads can retrieve arbitrary files — only allow this skill if you trust the agent's autonomy or restrict when it can run; (2) the skill uses a hard-coded storage directory (/mnt/storage/ada_projects/downloads/) — confirm that location is appropriate and sandboxed, and change it if needed; (3) scanned files should be validated/antivirus-checked after download; and (4) ensure your OpenClaw gateway (openclaw.json relayPort) is correctly configured and only accessible to trusted networks. No scan warnings were present because the skill is instruction-only.
Review Dimensions
- Purpose & Capability
- okName/description (browser download) aligns with required binary (openclaw) and the instructions (openclaw browser commands and DOM evaluation). No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- noteSKILL.md stays within the download use case (finding selectors, using browser actions, clicking via evaluated JS). It hard-codes a storage path (/mnt/storage/ada_projects/downloads/) and references that relayPort must be configured in openclaw.json. Hard-coded storage and the ability to click arbitrary page elements mean the agent could download arbitrary content — expected for this skill but worth noting as an operational risk.
- Install Mechanism
- okInstruction-only skill with no install spec or downloadable code. This minimizes install-time risk (nothing is written to disk by the skill itself).
- Credentials
- okNo environment variables or secrets are required; only the openclaw CLI and a running gateway are needed, which is proportional to the stated purpose. The skill mentions openclaw.json configuration but does not request access to unrelated credentials.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills or system-wide configs.