Skillv1.0.2

ClawScan security

LINE Chat for Official Account · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 23, 2026, 11:17 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, files, and runtime instructions are consistent with its stated purpose (browser automation of LINE Official Account); it does not request unrelated credentials or perform hidden network exfiltration, but you should still treat any browser-automation skill as powerful because it can access whatever the browser profile can see.
Guidance: This skill appears to do what it says, but browser-automation skills can access anything visible in the browser profile they control (messages, attachments, cookies, other open tabs). Before installing: (1) only install from a trusted source; (2) ensure the platform launches the skill in the isolated profile it requests (profile:"openclaw"); (3) review the local config.json it will create (it only needs chatUrl); (4) run the setup script yourself rather than giving arbitrary agent control if you are uneasy; and (5) if you use automated cron checks, be aware they will open the browser and may require re-login — monitor for unexpected activity and revoke sessions if you suspect misuse.

Purpose & Capability: okName/description match requested actions and included files. The skill uses browser evaluate scripts and a local setup wizard to capture the chat URL; no unrelated binaries, env vars, or remote installs are required.
Instruction Scope: noteInstructions are specific to opening chat.line.biz, handling login via account.line.biz, running DOM-evaluation scripts, and reading/writing a local config.json under skills/line-oa. This is in-scope for automating LINE OA. Note: browser automation inherently exposes any data visible in the browser session (messages, images, cookies), so the agent will have access to those chat contents when it runs.
Install Mechanism: okNo install spec — instruction-only with small helper scripts. setup.js is a local Node script; no remote downloads or archive extraction are performed by the skill.
Credentials: okThe skill requests no environment variables or external credentials. It writes/reads a local config.json and reads its JS helper files — proportional to its purpose. There are no unrelated credential requests.
Persistence & Privilege: okSkill is not marked always:true and does not modify other skills or system-wide settings. It asks the user to run a local setup script that stores the chatUrl configuration in the skill's workspace directory — expected behavior for this functionality.