Skill v1.0.1

ClawScan security

Auto-refresh skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 2:31 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches its stated goal (automating timed refreshes, clicks, and key presses), but the instructions allow running arbitrary commands and interacting with the host UI while declaring no binaries and no install step. That mismatch, together with the broad runtime powers, warrants caution.
Guidance
This skill is an instruction-only recipe for sending key presses/clicks and running timed commands. Before installing: (1) Understand that no binary is provided; the agent itself would need OS-level capability to simulate keyboard/mouse input or execute commands, so confirm how your agent sandbox grants or restricts that. (2) Be cautious because the 'custom command' capability can run arbitrary shell commands; do not grant elevated privileges or run the agent as admin. (3) If you only want simple webpage reloads, prefer a well-known browser extension or a packaged tool that clearly documents its install and permissions. (4) If you proceed, test in a contained environment and restrict what the agent can execute, for example to an allowlist of specific programs and arguments.

Review Dimensions

Purpose & Capability
note: Name/description match the SKILL.md (timed refreshes, clicks, key presses). However, the docs show CLI usage (auto-refresh ...) but no binary or install is provided, so it is unclear whether the agent itself is expected to simulate key/mouse events or call an external tool. This gap (instructions referencing a non-existent CLI) is an inconsistency.
Instruction Scope
concern: Instructions permit executing 'custom commands' and driving keyboard/mouse events. Allowing arbitrary commands is broad and could execute harmful operations if honored by the agent. Simulating input events requires host OS access not described here. The SKILL.md does not constrain or sanitize custom commands.
Install Mechanism
ok: No install spec and no code files (instruction-only). That minimizes disk-write risk, but also means the agent would need to provide the behavior itself or call external tools not declared.
Credentials
note: No environment variables, credentials, or config paths are requested, which is proportionate. However, the runtime behavior implies the agent needs permission to send input events or run shell commands; those required privileges are not declared, which is an informational gap.
Persistence & Privilege
ok: always:false and the skill is user-invocable. It does not request persistent or cross-skill configuration changes. Autonomous invocation is allowed by platform default but is not by itself a red flag here.
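The Instruction Scope concern (unconstrained 'custom commands') and guidance item (4) (restrict what the agent can execute) both come down to the same control. The following is an added example written for this review; it is not code from the skill, from ClawHub, or from the scanner. It shows one way an agent host could wrap the skill's timed 'custom command' step: the command must match a hypothetical allowlist of program names and first arguments, it is executed without a shell so metacharacters such as `;` or `$(...)` are inert, and every run has a timeout. The allowlist contents (`echo`, `date`, `xdotool key|click`) are an assumption chosen to fit a refresh/keypress skill, not something the SKILL.md specifies.

```python
"""Allowlisted runner for a timed 'custom command' step.

Added example for the ClawScan review above; not part of the reviewed skill.
Demonstrates constraining an agent's 'run this command every N seconds'
capability: allowlist matching, no shell, per-run timeout.
"""
import shlex
import subprocess
import time
from typing import Optional

# Hypothetical allowlist (assumption, not from SKILL.md). Key: program name.
# Value: set of permitted first arguments, or None to allow any arguments.
ALLOWED_COMMANDS = {
    "echo": None,
    "date": None,
    "xdotool": {"key", "click"},   # allow key presses and clicks, not 'type'
}


def check_command(cmdline: str) -> Optional[list]:
    """Return argv if cmdline is allowlisted, else None.

    The command is tokenized with shlex and later executed without a shell,
    so '; rm -rf /' or '$(whoami)' become plain argument strings rather than
    shell constructs. Absolute/relative paths are refused so that only the
    named programs resolved via PATH can run.
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes
        return None
    if not argv:
        return None
    prog = argv[0]
    if "/" in prog or prog not in ALLOWED_COMMANDS:
        return None
    permitted_first_arg = ALLOWED_COMMANDS[prog]
    if permitted_first_arg is not None:
        if len(argv) < 2 or argv[1] not in permitted_first_arg:
            return None
    return argv


def run_custom_command(cmdline: str, timeout_s: float = 5.0) -> dict:
    """Run one allowlisted command with no shell and a timeout."""
    argv = check_command(cmdline)
    if argv is None:
        return {"allowed": False, "ran": False, "reason": "not in allowlist"}
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout_s)
    except FileNotFoundError:
        return {"allowed": True, "ran": False, "reason": "executable not found"}
    except subprocess.TimeoutExpired:
        return {"allowed": True, "ran": False, "reason": "timeout"}
    return {"allowed": True, "ran": True,
            "returncode": proc.returncode, "stdout": proc.stdout}


def timed_loop(cmdline: str, interval_s: float, repeat: int) -> list:
    """The skill's 'run a command every interval' behavior, gated by the
    allowlist on every iteration. Refused commands are recorded, not run."""
    results = []
    for _ in range(repeat):
        results.append(run_custom_command(cmdline))
        time.sleep(interval_s)
    return results


if __name__ == "__main__":
    for line in ["echo hello", "echo hello; rm -rf /", "rm -rf /",
                 "/bin/echo hi", "xdotool key F5", "xdotool type secret"]:
        print(f"{line!r:32} -> {run_custom_command(line)}")
```

The check is deliberately narrow: a refresh/keypress skill only needs a handful of programs, so anything outside that set, including the same program reached by path, is refused. Because the argv is passed straight to `subprocess.run` without `shell=True`, an injected `; rm -rf /` reaches `echo` as literal text and `$(whoami)` is printed rather than expanded, which is the property the review says the SKILL.md does not provide.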