Predicate Snapshot
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill appears coherent and disclosed. Before installing, decide whether you want agents to use its reduced snapshots globally, avoid using API-backed mode on sensitive logged-in pages unless you accept the data flow, and require confirmation before letting the agent click or type on high-impact sites. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into a system prompt, the agent may use Predicate snapshots on every web task, which could omit some page elements or increase external ML usage.
This advises a global high-priority instruction that changes the agent's observation behavior across tasks. It is disclosed and aligned with the skill, but it can broadly steer tool choice.
For consistent usage across all tasks, add to your agent's system prompt: ... When observing web pages, always use /predicate-snapshot instead of the default accessibility tree.
Prefer task-level instructions unless you intentionally want this as the default for all browsing workflows.
On logged-in or sensitive sites, an autonomous agent could click buttons or type into forms that change account, shopping, or business data.
The skill exposes browser interaction commands that can click, type, and scroll using IDs from its snapshots. This is documented and useful, but it is real mutation authority on web pages.
/predicate-act <action> <element_id> [value] ... /predicate-act click 42 ... /predicate-act type 15 "search query"
Use the action command in trusted workflows and require explicit confirmation for purchases, deletions, submissions, or account changes.
A leaked API key could consume credits or allow use of the user's Predicate account quota.
The skill can use a Predicate API key for ML-powered ranking. This credential use is expected for the service, but the key should be treated as sensitive.
PREDICATE_API_KEY environment variable (optional) ... export PREDICATE_API_KEY="sk-..."
Store the key securely, avoid committing it to files, and use the documented credit/session limits where available.
Current page text or element metadata may include sensitive information if used on private or logged-in pages.
The documented ML-powered mode implies that page snapshot data is processed by Predicate's service when an API key is configured. This is purpose-aligned but creates an external data boundary.
With API key: ML-powered ranking for cleaner output (~95% token reduction, less noise)
Use /predicate-snapshot-local for sensitive pages, and review Predicate's data handling terms before enabling API-backed ranking broadly.
Installing from the wrong or changed repository could run code that was not reviewed in this artifact set.
Manual installation runs a Node dependency install and build from an external repository. This is common for Node-based skills, but users should verify the source because the registry has no install spec.
git clone https://github.com/predicate-systems/predicate-snapshot-skill ~/.openclaw/skills/predicate-snapshot ... npm install && npm run build
Install from the ClawHub package when possible, verify repository ownership, and review package changes before running npm install/build from source.