Skill v1.0.0
ClawScan security
WebClip Save & Summarize Web Pages · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 3:00 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its description: it fetches web pages, strips HTML, converts to markdown, and can save files locally; nothing in the bundle requests unrelated credentials or remote endpoints.
- Guidance: This skill appears coherent and does what it claims: fetch pages, remove junk, produce markdown, and save locally. Before installing or enabling it:
  1) Review and (if needed) run the code in a sandboxed environment since it performs network fetches and writes files locally.
  2) Note the advertised 'caching' behavior isn't implemented (fetch() always downloads); if you rely on caching, modify the code to check cacheDir.
  3) save(filename) accepts a caller-supplied filename — consider restricting or sanitizing filenames to avoid path traversal (the code sanitizes generated slugs but will join any provided filename to cacheDir).
  4) The fetcher blocks many internal IP ranges, limits redirects, and caps response size, which reduces SSRF/internal network risk, but you should still not expose this skill to untrusted agents or inputs.

  If you need stronger guarantees, run it in an isolated container, set cacheDir to a safe path, and add explicit filename validation and a real cache lookup.
Review Dimensions
- Purpose & Capability [note]: Overall the code matches the described purpose (fetch, clean, convert, batch, save). Minor mismatch: SKILL.md/README advertise a caching feature (“Caching — don't re-fetch pages you've already clipped”), but the implementation creates a cache directory and a save() method without implementing a read/cache lookup in fetch(); so 'caching' is not actually performed before fetching.
- Instruction Scope [ok]: Runtime instructions do exactly what is expected: fetch arbitrary URLs, strip HTML, produce markdown, and optionally save files locally. The code explicitly blocks internal/metadata IP address ranges and limits response size and redirects. It writes files to a local cacheDir (default './web-cache'), which is expected behavior for an offline archive feature.
- Install Mechanism [ok]: No install spec and the code uses only Node built-ins (https/http/fs/path). No remote downloads or third-party packages are introduced, so installation risk is low.
- Credentials [ok]: No environment variables, credentials, or external service tokens are requested. The skill's filesystem writes (cache/archive) are proportionate to its stated functionality.
- Persistence & Privilege [ok]: always:false and the skill does not request persistent platform privileges or modify other skills. It can be invoked autonomously (default), which is normal — no additional privileged behavior observed.
