Back to skill
Skillv1.0.0
ClawScan security
Webcodecs String Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 11, 2026, 1:57 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are consistent with its stated purpose (looking up WebCodecs codec strings from webcodecsfundamentals.org); it requests no credentials, has no install, and only uses web fetches to the referenced site.
- Guidance
- This skill is internally consistent and low-risk: it only performs web lookups on webcodecsfundamentals.org and asks for no credentials or local files. Before installing, verify you trust the source/repository URL (the SKILL.md lists a GitHub repo) and be aware the agent will make outbound HTTP requests to fetch pages. If you plan to provide example media or sensitive platform info in prompts, avoid including secrets — the skill does not need any API keys or local config. If you want extra assurance, review the referenced GitHub repo yourself before installing.
Review Dimensions
- Purpose & Capability
- okName/description match the declared behavior: the SKILL.md instructs the agent to look up codec support tables and detail pages on webcodecsfundamentals.org and return recommended codec strings. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okRuntime instructions are narrowly scoped: gather requirements (type/platform/resolution), use web_fetch to read a specific codec-support table URL and per-codec detail pages on webcodecsfundamentals.org, then return 2–3 recommendations with rationale and platform support. The instructions do not request reading local files, other env vars, or sending data to unrelated endpoints.
- Install Mechanism
- okThere is no install spec and no code files; this is instruction-only, so nothing is downloaded or written to disk by the skill itself.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths — precisely appropriate for a read-only web-research helper.
- Persistence & Privilege
- okalways is false and default autonomy is allowed (normal). The skill does not request persistent privileges, modify other skills, or access cross-skill credentials.