Skill v1.0.0

ClawScan security

obclip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 11, 2026, 4:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose (installing and operating the obclip CLI). It is instruction-only and does not request unrelated credentials, but it does instruct the agent to use npm/npx and to pass browser profile paths, both of which have privacy implications you should understand before use.
Guidance
This skill appears to do what it says: it tells the agent how to install and run the obclip CLI. Before installing or running it, consider:
1) npm/npx will fetch and execute code from the npm registry — verify the @harris7/obclip package and its source (review repository, recent publish history) if you don't already trust it;
2) avoid pointing --browser-profile at your daily Chrome/Edge profile, because that exposes cookies and session tokens to the launched browser process — use a dedicated profile directory;
3) when using npx you are running a transient remote package (inspect it first if you need to);
4) the skill configuration allows the agent to invoke the skill implicitly — if you want to avoid automated runs, disable implicit/autonomous invocation or only call the skill explicitly.
If you want deeper assurance, request the package repository URL and review the obclip package's source before running npm install.
Findings
[no_regex_findings] expected: The static scanner found no code patterns; this is expected because the skill is instruction-only (only SKILL.md and markdown references). The primary risk surface is the runtime behavior the instructions prescribe (npm/npx, passing browser profile paths).

Review Dimensions

Purpose & Capability
[ok] Name/description match the content: the SKILL.md explains how to install, invoke, and troubleshoot the @harris7/obclip CLI. All declared artifacts (command recipes, install advice, troubleshooting) are appropriate for a CLI helper.
Instruction Scope
[note] Instructions stay within clipping/CLI scope. They do advise using --browser-profile and --browser-executable: pointing the tool at a browser profile can expose cookies/session state to the invoked browser process (a legitimate need for logged-in clipping, but a privacy risk). The skill itself does not ask the agent to read arbitrary files or secrets beyond providing paths to obclip; it warns not to point at your daily Chrome profile.
Install Mechanism
[note] This is an instruction-only skill (no install spec). Runtime instructions tell the agent to run npm install -g or npx @harris7/obclip. Using npm/npx executes code from the npm registry (expected for a CLI helper) — moderate trust required in the published package and its maintainer.
Credentials
[ok] No environment variables, secrets, or unrelated credentials are requested. The only potentially sensitive input is a browser profile path (user-provided), which is justified for logged-in captures but should be used cautiously.
Persistence & Privilege
[note] Skill is not always-on; it is user-invocable. agents/openai.yaml sets allow_implicit_invocation true (the agent may invoke the skill implicitly/autonomously). That is the platform default for many skills; combined with the previous note about profile paths, consider whether you want automated runs that might be given profile paths.