Skill v1.0.1

ClawScan security

test转储 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 5:42 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions describe an RPA task that accesses internal web pages and runs a local script, but the package lacks the referenced code/files and declares no credentials — the pieces don't add up.
Guidance
This skill is incomplete and inconsistent: the documentation tells you to run a local script and install Playwright, but the package contains no scripts to run. Before installing or running anything, ask the publisher for the missing code (main.py and the scripts directory) and for a clear explanation of how authentication to the PCS/EBP sites is handled. Treat the internal URLs carefully — running the automation will access your internal network and download a browser binary. If you decide to proceed, review the code first, run it in an isolated/test environment, and avoid providing broad credentials until you confirm where and how they are used. If the publisher cannot provide the implementation and safe usage details, do not install or run the steps from this SKILL.md.

Review Dimensions

Purpose & Capability
[concern] The declared purpose is an RPA data transfer from a PCS page into an EBP system, which reasonably requires a script and browser automation. However, the SKILL.md references a local script path (~/.openclaw/skills/pcs-epbp/scripts/main.py) and a different internal service name (pcs-epbp) while the registry slug is test-test1/test-test01. The skill bundle contains no code files, so the manifest does not actually provide the implementation the description requires.
Instruction Scope
[concern] Instructions direct Playwright to open internal HTTP endpoints (masked as http://xxx:5173) and perform export/upload actions. They also prescribe installing packages and running a local Python script. The SKILL.md does not specify how authentication to EBP is handled (no credentials declared) and instructs accessing network resources and local filesystem paths — potentially exposing internal data — yet no implementation or safeguards are provided.
Install Mechanism
[note] There is no formal install spec in the registry (instruction-only). The README suggests running 'pip install playwright' and 'playwright install chromium', which will download a browser binary. That behavior is expected for Playwright-based RPA but can download substantial binaries at runtime. Because no code is included, there is no packaged source to audit before following these install steps.
Credentials
[concern] The skill declares no required environment variables or credentials, yet it clearly needs network access to internal services and likely needs authentication to the EBP system. The absence of declared credentials or guidance for secure handling (e.g., where to store credentials, how to authenticate) is inconsistent with the described workflow.
Persistence & Privilege
[ok] The skill does not request persistent or always-on privileges (always: false) and does not request modifying other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined here with other high-risk privileges.