Plugin v0.1.0

ClawScan security

OpenClaw URL Tailwind Scaffold · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 4:27 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requirements match its stated purpose (fetch a URL, parse static HTML, and produce a Tailwind scaffold); nothing requested or installed appears disproportionate or unrelated to that purpose.
Guidance
This plugin is internally consistent with its description: it fetches the URL you provide, parses the static HTML, and returns a Tailwind scaffold or page contract. Be aware of two practical risks: (1) SSRF/exfiltration — because it will fetch any URL you pass, do not give it internal URLs or sensitive endpoints if your agent runtime can access private networks; (2) returned payloads may include parts of fetched HTML in the analyzer output, so fetched content will be visible in the skill output. If you plan to run this in a shared or highly privileged environment, restrict the skill's network access or only allow it to fetch public URLs you control. Otherwise, the package appears coherent and proportionate for its stated purpose.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation: the code performs an HTTP fetch of a provided URL, parses the static HTML with cheerio, extracts semantic regions, synthesizes Tailwind v4 token candidates, and returns a scaffold summary or structured page_contract. No unrelated credentials, binaries, or system access are requested.
Instruction Scope
note: SKILL.md and the bundled tool are narrowly scoped to static, fetch-backed acquisition and analysis. The runtime will perform an HTTP fetch of the user-supplied URL and may include fetched HTML in the analyzer output. This is expected for the feature, but it means the skill can retrieve the contents of arbitrary URLs supplied to it (see user guidance on SSRF/exfiltration risk).
Install Mechanism
ok: No install spec is provided (instruction-only at distribution time), and the packaged dependencies are standard (cheerio). There are no downloads from arbitrary URLs, no extract steps, and package.json dependencies are reasonable for static HTML parsing.
Credentials
ok: The package declares no required environment variables, no primary credential, and no config paths. All code operates on the user-provided URL and fetched HTML; no unrelated secrets are requested or accessed.
Persistence & Privilege
ok: The skill does not request permanent presence (always is false) and does not modify other skills or global agent settings. It returns analysis results but does not persist files itself; orchestration guidance expects the host to handle file persistence if available.