Skillv1.0.2

ClawScan security

Video Proof · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 26, 2026, 7:45 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (recording UI/API proofs) and do not request unexpected credentials or remote endpoints, but the installer and runtime will run local shell commands and may install system packages — review before running on a sensitive machine.
Guidance: This skill appears to do what it says: start your app, run scripted steps, and capture video/screenshots/logs. Before using it: (1) inspect any proof-spec.yaml provided by an agent — the start_command field runs exactly what you put there and can execute arbitrary shell commands; (2) run scripts/setup.sh only on machines you control (it will download npm packages, Playwright browser binaries, and may attempt to use sudo to install ffmpeg); (3) avoid pointing base_url at sensitive external services or endpoints with secrets — api-proof.js will send HTTP requests to whatever URL you configure; (4) prefer running in an isolated environment (local dev VM, CI runner, or container) rather than on a machine with sensitive credentials. If you want, run the scripts manually once to verify behavior before integrating into an automated agent workflow.

Review Dimensions

Purpose & Capability: okName/description match the included scripts: record-proof.js uses Playwright to record screen/screenshot/console output and api-proof.js exercises HTTP endpoints. Dependencies (Playwright, yaml, optional ffmpeg) are appropriate for the declared functionality.
Instruction Scope: noteSKILL.md and scripts limit themselves to starting a local server (via a user-provided start_command), driving a browser or HTTP requests, and writing local artifacts. However, start_command accepts any shell command (intentionally) so a malicious or mistaken proof-spec could cause arbitrary commands to run — this is a necessary capability for starting apps but is a user-supplied attack surface that should be reviewed before running.
Install Mechanism: noteThere is no platform install spec in metadata, but scripts/setup.sh performs npm installs, runs npx playwright install (downloads browser binaries), and may call system package managers (apt-get/brew/dnf/pacman) with sudo to install ffmpeg. These are standard for Playwright but require network access and (for ffmpeg) elevated privileges on some systems.
Credentials: okThe skill does not declare or read any secrets or unrelated environment variables. The scripts copy the current environment into spawned processes and set only PORT/BROWSER; no credentials or external tokens are requested.
Persistence & Privilege: noteSkill is not always-enabled and does not try to persist as an agent-level plugin. The one-time setup script can install system packages and may use sudo to install ffmpeg; runtime spawns detached server processes (killed by process group) which is expected but means long-running processes could be created if a start_command forks.