Skill v1.0.2
ClawScan security
gpu-cluster-monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 8:16 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The package marketed as a GPU cluster monitor is actually a containerized deep web scraper for YouTube/X that requires Docker and Playwright; the name/description, runtime instructions, and included files are inconsistent and raise privacy/operational risks.
- Guidance: Do not install this expecting a GPU cluster monitor; the skill is actually a containerized deep web scraper. Before proceeding:
  1. Verify the author's identity and source (homepage is missing).
  2. Ask for the Dockerfile and review it; do not build/run the container until you inspect its contents.
  3. Run any testing inside an isolated VM or sandbox with no sensitive mounts and restricted network access.
  4. Be aware the code intercepts page network requests and performs UI automation; it can capture API responses or tokens if pointed at authenticated pages.
  5. If you wanted GPU monitoring, reject this package and look for a different, clearly named skill that uses nvidia-smi / Prometheus exporters and requests only the credentials it needs.
  6. If you must use this scraper, ensure it complies with target sites' terms of service and applicable law, and avoid running it with elevated privileges or mounting host directories containing secrets.
Review Dimensions
- Purpose & Capability (concern): Name and description claim a GPU cluster monitor, but SKILL.md and the included code implement a 'deep-scraper' (YouTube/X scraping with network interception). A GPU monitoring skill would not need Crawlee/Playwright or instructions for building a Docker scraper. This is a major mismatch.
- Instruction Scope (concern): The SKILL.md instructs building/running a containerized Playwright/Crawlee scraper that intercepts network requests, clears cookies, and triggers UI interactions to capture hidden APIs/transcripts. That scope goes beyond a resource monitor and includes actions that could capture sensitive network responses or personally identifiable content; the instructions also claim 'penetrate protections', which is concerning.
- Install Mechanism (note): There is no formal install spec, but SKILL.md expects building a Docker image (clawd-crawlee). The manifest does not include a Dockerfile despite instructing the user to keep one in the skill directory. package.json declares crawlee/playwright dependencies and an openclaw docker requirement. The missing Dockerfile and the mismatch between registry metadata and instructions are inconsistencies the user should verify.
- Credentials (concern): The skill requests no environment variables, but requires Docker (privileged capability to run containers) and network access; the scraping code listens to all page network requests and can fetch intercepted URLs. That capability is not justified by the registry name/description and could capture tokens or private API responses if misused.
- Persistence & Privilege (note): 'always' is false and the skill doesn't request system-wide config changes. However, it requires the ability to run Docker containers, which grants substantial runtime privileges on the host; run-time container privilege should be considered when evaluating risk.
