Back to skill
Skillv1.0.0
ClawScan security
Agentic Browser Workflow Templates · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 30, 2026, 8:05 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions match its stated purpose (generating browser-agent workflow templates); it requests no credentials, makes no network calls, and only reads/writes files the user explicitly supplies.
- Guidance
- This skill appears coherent and low-risk: it only generates templates and reads/writes files you explicitly supply. Before running or allowing autonomous invocation, (1) inspect any JSON steps file you pass in to avoid leaking sensitive contents, (2) choose an output path you control (avoid system or other skills' config directories), and (3) remember the skill does NOT execute browser actions — you must connect it to your browser automation tools and human approvals before performing live operations.
Review Dimensions
- Purpose & Capability
- okThe name/description, SKILL.md, and the included Python script all align: they generate reusable browser workflow templates, approval gates, evidence requirements, and handoff schema. There are no unrelated requirements (no env vars, binaries, or network access).
- Instruction Scope
- noteSKILL.md restricts behavior to template generation and explicitly warns to review outputs before connecting to live browser tools. The script accepts an optional --steps PATH and --output PATH: it will read any file path you supply and write output to the given location. This is expected for the feature, but be careful not to point it at sensitive system files or destinations you don't control.
- Install Mechanism
- okNo install spec is present (instruction-only). The included Python script is self-contained, uses only the standard library, and will not download or install external code.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths. It does not attempt to access secrets or external services.
- Persistence & Privilege
- okThe skill is not marked always:true and does not request persistent system privileges. Model invocation is allowed (platform default); given the script's local-only behavior this poses low additional risk.