Skillv1.0.2

ClawScan security

test转储 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 5:40 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The instructions describe a reasonable RPA task (scrape a PCS page, export Excel, upload to EBP) and request Playwright/Python, but the skill package contains no code and the runtime steps ask the agent to run a local script in the user's home; missing code and undeclared authentication are incoherent and merit caution.
Guidance: Do not run the commands in SKILL.md until you verify what main.py is and review its code. The published skill contains only documentation, no code—its instructions expect a script at ~/.openclaw/skills/test-test01/scripts/main.py that is not provided. Before installing or scheduling anything: (1) obtain the actual implementation and inspect it line-by-line to ensure it only accesses the intended PCS/EBP URLs and does not exfiltrate data; (2) confirm how authentication is handled (do not hard-code credentials in scripts; use secure storage); (3) be aware that `playwright install` will download browser binaries to the machine; (4) if you plan to cron this, test interactively first and limit the account privileges it runs under. If the publisher supplies the missing main.py, share its code for a re-evaluation—if that code matches the described behavior and contains no unexpected network calls or file access, the assessment could be upgraded to benign.

Review Dimensions

Purpose & Capability: noteThe declared purpose (automatically scrape a PCS page, export Excel, and import to EBP) matches the dependencies (python, playwright). However the SKILL.md expects a main.py under ~/.openclaw/skills/test-test01/scripts but the published skill contains no code files—this mismatch means the package does not actually provide the implementation it instructs to run.
Instruction Scope: concernRuntime instructions tell the agent/user to cd into a path in the user's home and run python main.py, install Playwright (which downloads browser binaries), and add a cron job. Because no script is included, following these instructions would execute whatever main.py already exists on disk (potentially arbitrary code). The instructions do not declare how to authenticate to PCS/EBP (no creds specified) yet describe performing uploads and downloads, which is an unexplained gap.
Install Mechanism: okThere is no install spec in the registry package (instruction-only). The SKILL.md recommends pip install and playwright install, which are normal for a Playwright-based RPA task; no remote, arbitrary download URLs or extract steps are specified in the package itself.
Credentials: concernThe skill declares no required environment variables or credentials. In practice, automating login/upload to PCS/EBP normally requires authentication (username/password, API token) but the skill neither requests these nor explains where credentials should come from. That omission is a design gap and could lead to unsafe ad-hoc credential handling by the user or the script.
Persistence & Privilege: okThe skill is not marked always:true and uses normal autonomous invocation defaults. The SKILL.md suggests the user may add a cron job, but the package itself does not request persistent or system-wide privileges or modify other skills' settings.