Skill v1.1.1
ClawScan security
url2pdf-mk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 14, 2026, 2:24 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, files, and runtime instructions are coherent with its stated purpose (converting webpages to PDF/Markdown); it explicitly warns about reusing your Chrome profile and uses a local CDP proxy, so the main risks are privacy-related rather than signs of misdirection or hidden features.
- Guidance
- This skill appears to do what it says, but it controls a real browser and by default reuses your Chrome/Chromium profile. That means if you run it in default (non-isolated) mode the script can access cookies, logged-in sessions, and other profile data. The SKILL.md already warns about this; before using the skill: (1) prefer --isolated mode if you don't want the tool to access your login sessions, (2) run it on non-sensitive accounts or inside a VM/container if you need extra isolation, (3) check the xlsx input file is from a trusted source (the script will read it and access the listed URLs), (4) be aware the tool opens a local CDP proxy port and writes temp files (cdp-proxy-<user>), and (5) review/verify the included scripts and Python dependencies before running. If you want to avoid any possibility of the agent autonomously launching the browser against your profile, disable model/skill invocation or run the tool manually with explicit command-line flags.
Review Dimensions
- Purpose & Capability
- ok: Name/description (webpage → PDF/Markdown, WeChat articles) match the provided scripts: HTTP scraping, browser (CDP) scraping, batch/xlsx handling, Markdown/PDF generation. Requiring a Chrome/Chromium installation and Python libraries is appropriate for the described functionality.
- Instruction Scope
- note: SKILL.md and scripts instruct launching/controlling a local browser via CDP, reading an input xlsx, creating date folders on the desktop, and writing output files and temporary proxy state files. The skill explicitly documents that browser mode reuses the user's Chrome profile (access to cookies/login sessions) and offers an --isolated flag. These actions are within the scope of the stated purpose but have privacy implications the user should be aware of.
- Install Mechanism
- ok: No remote download/install spec is present; this is an instruction/code bundle with local Python scripts. No external binary downloads or strange URLs are used. Dependencies are standard Python packages (requests, openpyxl, websockets, etc.) and the browser binary (Chrome/Chromium).
- Credentials
- note: The skill declares no required environment variables or credentials. However, by default it may reuse the user's Chrome profile directory (platform-specific profile paths) and will read/write temp state files (cdp-proxy-<user>) and output to Desktop—access that is proportionate to scraping but can expose cookies, session tokens, and local profile data. The SKILL.md warns about this and offers an isolated mode.
- Persistence & Privilege
- ok: always:false and no special platform-wide modifications are requested. The CDP proxy may spawn a local helper process and write proxy state files in the temp directory while running, but nothing indicates it persists beyond normal runtime files or modifies other skills/configs.
