ClawHub

Browser Proof

v1.0.2

Public ClawHub skill for capturing browser QA and debugging evidence as a machine-readable bundle with steps, artifacts, checks, and a shareable report.

0· 78·0 current·0 all-time
by@zack-dev-cm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (browser evidence capture + report) match the shipped scripts and SKILL.md. Required binaries (python3/python) are appropriate and minimal for the included Python scripts. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs only to create manifests, append steps, validate bundles, and render markdown using the included scripts. The scripts operate on local files, validate artifact paths, and warn about absolute/private paths and missing artifacts. No instructions ask the agent to read unrelated system files, secrets, or to send data to external endpoints.
Install Mechanism
No install spec; the skill is instruction-first and ships small Python scripts. There are no downloads, package installs, or archive extraction steps. This is the lowest-risk pattern for including reusable utilities.
Credentials
The skill requests no environment variables, tokens, or credentials. Its filesystem access is limited to reading/writing manifests, checking artifact existence under a repo-root path, and creating output directories—proportionate for the described purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system privileges or modify other skills' configs. Autonomous invocation is permitted by default but not combined with any broad credentials or network exfiltration mechanisms.
Assessment
This skill appears coherent and only uses local Python scripts to build, validate, and render a browser-evidence bundle. Before installing or running: (1) review the included scripts yourself (they are short and local) to confirm they meet your policy; (2) avoid placing secrets, cookies, or raw tokens into manifest fields or artifact files (the SKILL.md already warns about this); (3) run the scripts in a workspace/repo you control so artifact existence checks are meaningful; and (4) if you need higher assurance, inspect the GitHub homepage referenced in metadata and confirm the publisher and commit history. Overall, the footprint is small and proportional to the stated purpose.

Like a lobster shell, security has layers — review code before you run it.

browservk979q2gp9za3qmrqtwkznstv4h84wsvkevidencevk979q2gp9za3qmrqtwkznstv4h84wsvklatestvk979q2gp9za3qmrqtwkznstv4h84wsvkqavk979q2gp9za3qmrqtwkznstv4h84wsvk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binpython3, python

Comments