Skill v1.0.0

ClawScan security

Browser Agent Trust Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 30, 2026, 8:05 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, instructions, and included script are coherent with its stated purpose (auditing browser-agent policies) and do not request unrelated credentials or perform outside-network actions.
Guidance
This skill appears coherent and low-risk: it audits proposed browser actions using the bundled script and enforces that input/output files stay inside the skill directory. Before installing, review the bundled script and any policy/action JSON you provide (keep secrets out of those files). Note that the agent can invoke the skill autonomously by default — ensure you control which workflows call it. If you plan to supply policy or actions at runtime, place them inside the skill directory (as required) and avoid symlinking or otherwise exposing sensitive system paths to that directory. Finally, verify the default allowlist and approval rules match your governance needs rather than relying on defaults.

Review Dimensions

Purpose & Capability
ok: Name/description match the included behaviour: the Python script scores policies and proposed browser actions. No unrelated binaries, credentials, or install steps are requested.
Instruction Scope
ok: SKILL.md directs the agent to run the included script and to keep inputs/outputs inside the skill directory. The script only reads JSON from the skill tree, inspects action text and URLs, and writes a JSON report; it does not perform browsing, network calls, or access other system state.
Install Mechanism
ok: There is no install spec and no external downloads. The skill is instruction-only with a bundled audit script, which lowers install-time risk.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The script inspects provided JSON and policy fields only; it does not read secrets or access external services.
Persistence & Privilege
ok: "always" is false, the skill does not modify agent/system-wide settings, and its file I/O is restricted to the skill directory via safe_path checks.