Video Proof
WarnAudited by ClawScan on May 10, 2026.
Overview
Video Proof largely matches its stated demo-recording purpose, but unreviewed proof specs can trigger local shell execution, including an unsafe shell-interpolated port check.
Install and run this only in a trusted development environment. Review any proof-spec.yaml before execution, especially start_command, start_port, base_url, and API request methods; do not target production or real user data, and inspect generated proof artifacts before committing them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised proof-spec file could execute local commands under the user's or coding agent's account when the proof is run.
In spec-file mode, start_port is taken from YAML without numeric validation and then interpolated into a shell command. A crafted proof spec could turn the port value into shell syntax; api-proof.js contains the same readiness-check pattern.
const port = spec.start_port || 3000; ... execSync(`curl -sf -o /dev/null http://localhost:${port}`, { timeout: 5000 });Do not run proof specs from untrusted repos without review. The implementation should validate ports as numbers and replace shell-based curl checks with a Node HTTP/net readiness check.
If an agent or user runs a proof spec influenced by untrusted text, it may start the wrong process or run unintended local commands.
The proof spec's start_command is executed through the shell and inherits the current environment. This is central to starting arbitrary app stacks, but it is broad local authority.
serverProc = spawn('sh', ['-c', spec.start_command], { ... env: { ...process.env, BROWSER: 'none', PORT: String(port) } });Review generated proof specs before running them, use known project start scripts, and run in a sandbox or disposable development environment when possible.
Setup may change the machine and trusts current package registry contents and system package sources.
The setup script downloads latest-version npm packages, installs Playwright browser/system dependencies, and may invoke privileged system package managers. This is purpose-aligned but under-declared by the registry install metadata.
npm install --save playwright@latest yaml@latest ... npx playwright install-deps chromium ... sudo apt-get update -qq && sudo apt-get install -y -qq ffmpeg
Run setup manually after review, prefer pinned dependency versions or a lockfile, and avoid privileged system installs unless you trust the environment.
Secrets, personal data, staging data, or account information visible during the demo could be saved into the repository or PR.
The skill persists browser recordings, screenshots, logs, and summaries, then recommends committing them. That is expected for proof artifacts, but the artifacts may contain sensitive UI, log, or API data.
proof-artifacts/ ... video.webm ... screenshots/ ... console.log ... proof-summary.md ... Commit proof-artifacts/ with your changes.
Use synthetic data, avoid production targets, and review or redact proof artifacts before committing or sharing them.