v1.0.0

Dogfood

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:32 AM.

Analysis

This is a coherent QA skill, but it can immediately drive a browser through a full app, perform create/edit/delete testing, and save authenticated session state and evidence files.

GuidanceUse this only on apps and accounts you are authorized to test, preferably staging environments with test data. Before running it, specify scope and exclusions, require approval for destructive actions, use least-privileged test credentials, and secure or delete auth-state and captured evidence files after review.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

| **Scope** | Full app | ... "start immediately with defaults" ... "Try realistic end-to-end workflows (create, edit, delete flows)."

The combination of immediate default execution, full-app scope, and CRUD/delete testing can cause changes in the target application before the user has explicitly bounded the test environment or approved destructive actions.

User impactIf used on a production app or real account, the agent could create, modify, or delete records while testing.

RecommendationUse staging or test accounts by default, require explicit scope/exclusions, and ask for confirmation before any irreversible or externally visible action.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

allowed-tools: Bash(agent-browser:*), Bash(npx agent-browser:*) ... Always use `agent-browser` directly -- never `npx agent-browser`.

The granted tool surface includes an npx path that the workflow itself says is unnecessary, adding a low-level package/provenance surface if used.

User impactIf the npx route were used, it could rely on package resolution outside the direct trusted binary path.

RecommendationRemove the npx allowed tool if it is not needed, or clearly document a trusted, pinned installation source for agent-browser.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

agent-browser --session {SESSION} fill @e2 "{PASSWORD}" ... agent-browser --session {SESSION} state save {OUTPUT_DIR}/auth-state.json

The skill handles login credentials and then persists authenticated browser state, which may contain cookies or session tokens.

User impactA saved auth-state file could allow reuse of the logged-in session if the output directory is shared, committed, or exposed.

RecommendationUse least-privileged test accounts, keep auth-state files out of reports/repos, secure the output directory, and delete saved state after the test.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

Produces a structured report with full reproduction evidence -- step-by-step screenshots, repro videos ... agent-browser --session {SESSION} record start {OUTPUT_DIR}/videos/issue-{NNN}-repro.webm

Capturing screenshots, videos, and reports is central to the QA purpose, but those persistent artifacts may include sensitive application, customer, or account data.

User impactThe generated report and media files may reveal private information if shared without review.

RecommendationReview and redact outputs before sharing, avoid capturing unnecessary sensitive data, and store dogfood-output in a protected location.