Skill v1.0.0

ClawScan security

Lightpanda Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 18, 2026, 2:38 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions are coherent with a headless-browser tool, but provenance and install practices (nightly binary download, no checksums or homepage) are under-specified and increase risk before you execute the supplied binary or pull the Docker image.
Guidance
This SKILL.md is plausible for a headless scraper, but verify provenance before running anything:
1) Ask the publisher for an official homepage/repository and cryptographic checksums or signatures for the release binaries (the SKILL.md points at a nightly GitHub release but provides no verification).
2) Prefer a stable, signed release over 'nightly'.
3) Inspect the Docker image source (Dockerfile/repo) before pulling, and run unknown binaries in an isolated VM or container with restricted network and filesystem access.
4) If you must try it locally, scan the binary (antivirus/sandbox) and avoid running it as root.
5) If you need higher assurance, request source code or reproducible build instructions so you or a reviewer can audit the implementation.

Review Dimensions

Purpose & Capability
ok
Name, description and runtime instructions align: SKILL.md documents downloading a standalone binary and shows commands and Python examples that call that binary for web scraping and content extraction. No unrelated credentials or system accesses are requested.
Instruction Scope
note
Instructions only direct downloading a binary from a GitHub releases URL, running the binary, and optionally running a Docker image. They do not request unrelated files, env vars, or sensitive data. However, the install instructions run an unverified 'nightly' binary via curl+chmod with no checksum/signature verification, which broadens what gets executed on the host.
Install Mechanism
concern
No formal install spec in metadata; SKILL.md tells users to curl a 'nightly' release binary and to pull a Docker image 'lightpanda/browser:nightly'. While GitHub releases and Docker Hub are common distribution points, using a nightly binary without a checksum/signature or an authoritative homepage/source is higher risk and makes supply-chain/execution trust unclear.
Credentials
ok
The skill declares no required env vars, credentials, or config paths, and the instructions do not read secrets. This is proportionate for a local scraping tool.
Persistence & Privilege
ok
The skill is not marked always:true and does not request persistent system-wide changes. It simply instructs the user to place a binary in the current directory or run a Docker container, which is normal for this purpose.