Skillv1.0.0

ClawScan security

movie-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 11, 2026, 1:11 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, required resources, and behavior are internally consistent with its stated purpose of locating streaming and download links (including torrent sites); nothing in the package requests unrelated credentials, installs, or system access.
Guidance: This skill is coherent with its purpose: it assembles search links for streaming platforms, torrent sites and subtitle sites. Before enabling it, consider the following: (1) legal and policy risks — it includes links to torrent/piracy sites which may violate your local law or platform policy; (2) safety of third-party links — the skill constructs public URLs but does not fetch or vet the files those links point to, and torrent downloads can expose you to malware; (3) runtime requirements — the skill assumes the agent can perform web searches or open the listed URLs; if your agent has no web access the results will be incomplete; (4) trigger behavior — the SKILL.md says it should fire for a set of trigger phrases; if you don’t want the agent to proactively suggest piracy-related links, restrict when the skill can be invoked or disable autonomous invocation. If these considerations are acceptable, the skill appears internally consistent and there are no disproportionate credential or install demands.

Review Dimensions

Purpose & Capability: okThe name/description (search for movie/TV download and watch links) matches the SKILL.md: the doc explicitly lists torrent sites, streaming platforms, and subtitle sites used to produce results. No unrelated binaries, env vars, or installs are requested.
Instruction Scope: noteInstructions tell the agent to construct and return search URLs across many public sites (1337x, TPB, YTS, EZTV, domestic platforms, JustWatch, subtitle sites). The SKILL.md also instructs using WebSearch to normalize titles. This stays within the declared purpose. Note: it explicitly builds links to known torrent/piracy sites — that is consistent with the stated goal but raises legal/policy considerations (not a technical incoherence). The skill does not instruct reading local files or accessing secrets.
Install Mechanism: okInstruction-only skill with no install spec and no code files to write to disk — lowest install risk.
Credentials: okNo environment variables, credentials, or config paths are requested. The resources the skill accesses are external public websites, which matches its function.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent platform privileges or attempt to modify other skills. It does hint it should be invoked when certain phrases appear, which is normal for a search skill.