Skills Browser
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While the server is running, other devices on the network or websites loaded in the user's browser may be able to query the installed skills list and skill details.
The API permits any web origin to read responses and the server listens on all network interfaces, despite the skill being described as a local browser accessed at 127.0.0.1.
self.send_header("Access-Control-Allow-Origin", "*") ... server = HTTPServer(("0.0.0.0", port), Handler)Bind only to 127.0.0.1, remove wildcard CORS unless strictly needed, and consider a local-only token or same-origin access model.
A crafted request may be able to traverse outside the intended skills directory and read other reachable files named SKILL.md.
The URL path segment is used directly in a filesystem path without normalization or containment checks.
skill_id = parsed.path[11:] md_path = os.path.join(SKILL_DIR, skill_id, "SKILL.md")
Validate skill IDs against the enumerated skills list, reject path separators and '..', and verify the resolved path remains inside the intended skills directory.
Running the skill could terminate an unrelated local service and potentially disrupt work or cause data loss in that service.
The launch script force-kills any process listening on port 8765, not just a prior instance of this skill.
lsof -ti:8765 | xargs kill -9 2>/dev/null
Do not force-kill arbitrary port users. Detect whether the process belongs to this skill, ask for confirmation, use graceful shutdown, or choose another free port.
The local web server may continue running after the user thinks they are done, keeping the exposed API available.
The script starts the server in the background while PID tracking and waiting are commented out, so the process is not clearly tied to the invoking session.
python3 server.py & # SERVER_PID=$! ... # wait $SERVER_PID
Track the server PID, provide a clear stop command or browser shutdown endpoint, and document how users can terminate the server.