Skill v1.0.0

ClawScan security

Nyc 311 Reporter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 11, 2026, 3:03 PM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions mostly match its stated purpose (automating NYC 311 form filing), but there are small inconsistencies and a truncated main routine in the provided file that warrant caution before installing or running it with real personal data.
Guidance
What to check before installing or running:
- Review the full scripts locally before running. The provided browse_311.py in the listing is truncated at the end; confirm you have the complete file. A truncated main() may cause runtime errors or unexpected behavior.
- Run the script first with the dry-run (--no --submit) to generate screenshots in /tmp and verify the form-filling logic matches the portal flow. Do not run with --submit until you have confirmed behavior.
- The tool will submit personal contact information to the NYC 311 portal if --submit is used. Only provide information you consent to send; consider using a burner email/phone if testing.
- SKILL.md suggests storing a user profile in assets/config.json, but the visible functions rely on CLI args and do not read that file. Confirm whether the script version you have reads config.json, or update the code/docs accordingly to avoid accidental exposure of stored personal data.
- Because Playwright automates a real browser and follows links on pages, it can navigate to third-party domains if the portal links there; inspect the script and test in an isolated environment (VM/container) if you're concerned about unintended navigation or external network activity.
- If you lack confidence in the supplied code, prefer manual filing via the official portal or request a fully audited/complete script from the publisher. If you decide to run it, perform initial tests with dummy data and in an isolated environment.

Review Dimensions

Purpose & Capability
note: Name/description match the included Playwright automation script: scraping categories, finding forms, filling and optionally submitting. However, SKILL.md suggests storing a user profile in assets/config.json while the visible automation functions use CLI arguments and the script does not appear to read assets/config.json — an inconsistency between docs and implementation.
Instruction Scope
note: SKILL.md instructions are specific and constrained to running the included script and installing Playwright. They instruct saving screenshots to /tmp and running a dry-run before actual submission, which the script implements. No instructions request unrelated files, environment variables, or external endpoints beyond the 311 portal. The manifest shows the python file is truncated in the listing (main function cut off), which could make runtime behavior unclear.
Install Mechanism
ok: No custom installer; installation is standard: pip install -r requirements.txt and playwright install chromium. Dependencies are reasonable for browser automation (requests, bs4, playwright). No arbitrary URL downloads or extract steps are present in the manifest.
Credentials
note: The skill requests no environment variables or external credentials — appropriate for its function. It does accept and will submit user-identifying fields (name, email, phone, location) to the NYC 311 site if run with --submit; this is expected, but users should be aware they are transmitting personal data to an external government portal. assets/config.json contains example personal data; the code doesn't clearly read it, so the documentation/implementation mismatch could lead to user confusion.
Persistence & Privilege
ok: The skill does not request persistent/always-on privilege, does not modify other skills or global agent settings, and is user-invocable only. It saves screenshots to /tmp as noted — a non-privileged filesystem location.