ClawHub
Back to skill
v1.0.1

Video Proof

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:08 AM.

Analysis

The skill is coherent for recording proof, but it lets generated proof specs run arbitrary local commands and state-changing API/browser actions while saving artifacts that may contain sensitive data.

GuidanceUse this skill only in a controlled development or test environment. Before running, inspect the generated proof spec for start_command, base_url, request methods, headers, bodies, and output paths. Avoid pointing it at production or real customer data unless explicitly intended, and review/redact proof artifacts before committing them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityHighConfidenceHighStatusConcern
scripts/record-proof.js
const port = spec.start_port || 3000; ... spawn('sh', ['-c', spec.start_command], ...); execSync(`curl -sf -o /dev/null http://localhost:${port}`)

The proof spec controls the start command and port, and the script executes them through shell paths with the user's environment. This gives generated proof specs local command-execution capability.

User impactA malicious or poorly reviewed proof spec could run arbitrary commands on the user's machine under the user's account.
RecommendationReview proof-spec.yaml before running it, allow only known project start commands, validate numeric ports, avoid shell execution where possible, and run the skill in an isolated development environment.
Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/api-proof.js
const method = (req.method || 'GET').toUpperCase(); const url = `${baseUrl}${req.path}`; ... httpRequest(method, url, req.body, req.headers);

API proof specs control method, path, body, and headers, and the script sends them to the configured base URL without limiting to safe methods or local test targets.

User impactIf pointed at staging or production, a proof run could create, update, or delete real data.
RecommendationUse API proof only against local or disposable test systems unless a human explicitly approves the target URL, methods, headers, and request bodies.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/setup.sh
npm install --save playwright@latest yaml@latest ... npx playwright install chromium ... sudo apt-get update -qq && sudo apt-get install -y -qq ffmpeg

The user-directed setup script downloads latest-version npm dependencies and browser components, and may install system packages with sudo.

User impactSetup can change the local development environment and depends on current upstream package contents.
RecommendationInspect setup.sh, prefer pinned dependencies or a lockfile, and run setup in a disposable dev container or VM if possible.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
SKILL.md
console.log # Browser console output ... Produces api-proof.md and api-results.json ... Commit proof-artifacts/ with your changes.

The skill persistently stores screenshots, browser console output, API response excerpts, and summaries, then recommends committing those artifacts.

User impactProof artifacts may capture sensitive UI data, API responses, tokens in logs, or private business information and then be shared in a repository or PR.
RecommendationReview and redact proof-artifacts before committing or sharing them, and use test data rather than real customer or production data.