Predicate Snapshot
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: predicate-snapshot
Version: 0.4.0
The OpenClaw AgentSkills skill bundle for 'predicate-snapshot' is benign. It provides ML-powered DOM snapshots and action execution for browser automation, aiming to reduce LLM token usage. The code and documentation clearly outline its purpose, which involves interacting with the `predicate.systems` API (its owner) and optionally with legitimate LLM providers (OpenAI, Anthropic) for enhanced functionality. All external network calls, file system operations, and shell commands observed in the installation and test scripts are standard for a skill of this nature and are directly tied to its stated purpose. There is no evidence of data exfiltration, unauthorized persistence, malicious execution, or prompt injection attempts designed to subvert the AI agent's core directives or steal sensitive information.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied into a system prompt, the agent may use Predicate snapshots on every web task, which could omit some page elements or increase external ML usage.
This advises a global high-priority instruction that changes the agent's observation behavior across tasks. It is disclosed and aligned with the skill, but it can broadly steer tool choice.
For consistent usage across all tasks, add to your agent's system prompt: ... When observing web pages, always use /predicate-snapshot instead of the default accessibility tree.
Prefer task-level instructions unless you intentionally want this as the default for all browsing workflows.
On logged-in or sensitive sites, an autonomous agent could click buttons or type into forms that change account, shopping, or business data.
The skill exposes browser interaction commands that can click, type, and scroll using IDs from its snapshots. This is documented and useful, but it is real mutation authority on web pages.
/predicate-act <action> <element_id> [value] ... /predicate-act click 42 ... /predicate-act type 15 "search query"
Use the action command in trusted workflows and require explicit confirmation for purchases, deletions, submissions, or account changes.
A leaked API key could consume credits or allow use of the user's Predicate account quota.
The skill can use a Predicate API key for ML-powered ranking. This credential use is expected for the service, but the key should be treated as sensitive.
PREDICATE_API_KEY environment variable (optional) ... export PREDICATE_API_KEY="sk-..."
Store the key securely, avoid committing it to files, and use the documented credit/session limits where available.
Current page text or element metadata may include sensitive information if used on private or logged-in pages.
The documented ML-powered mode implies that page snapshot data is processed by Predicate's service when an API key is configured. This is purpose-aligned but creates an external data boundary.
With API key: ML-powered ranking for cleaner output (~95% token reduction, less noise)
Use /predicate-snapshot-local for sensitive pages, and review Predicate's data handling terms before enabling API-backed ranking broadly.
Installing from the wrong or changed repository could run code that was not reviewed in this artifact set.
Manual installation runs a Node dependency install and build from an external repository. This is common for Node-based skills, but users should verify the source because the registry has no install spec.
git clone https://github.com/predicate-systems/predicate-snapshot-skill ~/.openclaw/skills/predicate-snapshot ... npm install && npm run build
Install from the ClawHub package when possible, verify repository ownership, and review package changes before running npm install/build from source.
