Video Proof

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly aligned with recording demo proof, but generated proof specs can run shell commands and mutate APIs with limited guardrails.

Install and run this only on trusted repositories and proof specs. Keep demos local or in disposable staging environments, review any start_command and API requests before execution, avoid destructive requests unless intentional, and inspect generated proof artifacts before committing them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A poisoned or unreviewed proof spec could run unintended commands with the agent user's local permissions and environment.

Why it was flagged

The proof spec controls start_command and start_port; start_command is intentionally run through a shell, and start_port is interpolated into a shell command without numeric validation.

Skill content

const port = spec.start_port || 3000;
...
execSync(`curl -sf -o /dev/null http://localhost:${port}`, { timeout: 5000 });
...
spawn('sh', ['-c', spec.start_command], ...)

Recommendation

Review proof specs before running, require approval for start commands, validate ports as integers, avoid shell interpolation for curl checks, and prefer isolated containers or test environments.

What this means

If pointed at staging or production, a proof run could create, modify, or delete application data as part of the demo.

Why it was flagged

API method, URL path, headers, and body are all spec-controlled and then executed directly; the reference schema also documents POST and DELETE proof requests.

Skill content

const method = (req.method || 'GET').toUpperCase();
const url = `${baseUrl}${req.path}`;
...
await httpRequest(method, url, req.body, req.headers);

Recommendation

Default to localhost or disposable test systems, require explicit approval for non-GET or non-local API requests, and use test credentials and reversible fixtures.

What this means

Setup can change local dependencies and system packages, and latest-version installs may differ over time.

Why it was flagged

The setup script installs latest npm packages and may install system packages with sudo; this is disclosed and purpose-aligned, but expands the trusted install surface.

Skill content

npm install --save playwright@latest yaml@latest
...
npx playwright install-deps chromium
...
sudo apt-get update -qq && sudo apt-get install -y -qq ffmpeg

Recommendation

Run setup only in a trusted project or container, review the script first, and prefer pinned dependencies or the included lockfile where possible.

What this means

Screenshots, videos, API responses, or console logs could accidentally include secrets, personal data, or internal details in a repository or PR.

Why it was flagged

The skill persistently stores visual proof and browser console output, then recommends committing those artifacts.

Skill content

proof-artifacts/ ... video.webm ... screenshots/ ... console.log ... proof-summary.md ... Commit proof-artifacts/ with your changes.

Recommendation

Use synthetic test data, review and redact generated artifacts before committing, and avoid recording authenticated real-user sessions.