Skill v1.0.0

ClawScan security

Google Free Media Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 5:40 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, docs, and runtime instructions are internally consistent with its stated goal (automating browser interaction to generate media via Google web UIs); there are no hidden network endpoints or unexpected credential requests, but there are practical risks you should understand before running it (ToS risk, cookie/session handling, and missing dependency/install hygiene).
Guidance
This skill is coherent with what it says: it’s a local browser-automation skeleton for using Google web UIs to produce images/videos. Before installing/running:
1) Be aware this method may violate Google’s Terms of Service — use at your own risk.
2) Inspect and understand the Puppeteer/Playwright code you will add; the included scripts are placeholders/skeletons and expect you to implement selectors and login handling.
3) Do not store or expose Google session cookies on shared or public machines; prefer a dedicated account with limited permissions.
4) Install Puppeteer from the official npm registry and review its version/lockfile; avoid running unreviewed install scripts as root.
5) Run in an isolated environment (VM/container) if you are concerned about account/session exposure.
6) If you want the agent to run this autonomously, explicitly weigh the risk that the agent could open a logged-in browser session and act without further prompts.
If any of the above is unacceptable, either do not run the scripts or request clarification from the author.

Review Dimensions

Purpose & Capability
ok · The name/description (use browser automation to generate images/videos via Google Gemini/Flow) matches the included files and SKILL.md. The repository contains image/video generator scripts and a local quota manager consistent with the stated purpose. No unrelated credentials, cloud services, or unrelated binaries are requested.
Instruction Scope
note · SKILL.md and the scripts instruct the agent/user to open a browser, log into Google, and drive the web UI via Puppeteer/Playwright (skeleton pseudo-code present). The scripts read/write only local paths under the skill (outputs, configs, logs). They reference session persistence (cookies/session storage) which is logical for this use case but is a potential privacy/security consideration (storing session cookies could expose account access if handled insecurely). The instructions do not attempt to read unrelated system files or environment variables.
Install Mechanism
note · There is no install spec; this is instruction-plus-scripts. README instructs 'npm install puppeteer' which is expected for browser automation, but the skill does not automate or pin dependency installation. This is lower-risk than remote download/extract, but the user must manually install and trust the npm package used (puppeteer).
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths outside its own repo. The main sensitive operation is requiring you to use your Google account via a browser login; that is proportional to the stated purpose but raises the usual account/session safety considerations (don't use high-privilege accounts; be careful where session cookies are stored).
Persistence & Privilege
ok · always:false and no modifications to other skills or global agent config. The skill stores per-repo quota/config/log files under configs/ and writes outputs under the specified output path. Autonomous invocation is allowed by default (not unusual) but does not introduce extra privileges here.