Skillv1.0.0

ClawScan security

Agent Stealth Scraper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 3, 2026, 3:13 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill claims powerful Cloudflare/Turnstile bypass capabilities but provides no code, no install steps, no dependencies, and no provenance—this mismatch between claims and what is required/instructed is suspicious.
Guidance: This package is essentially a one-page marketing stub claiming advanced Cloudflare/Turnstile bypass without any source code, install steps, dependencies, or homepage. Before installing or enabling it, ask the publisher for: (1) source code or a trustworthy release URL, (2) a clear runtime dependency list (browsers, captchasolvers, libraries) and network endpoints it will contact, and (3) legal/ethical guidance for use (bypassing protections can violate terms of service or law). Do not provide any credentials to this skill. If you want to test it, run it in an isolated sandbox or ephemeral environment and inspect network activity and filesystem changes. If the author cannot supply verifiable code and provenance, treat the skill as untrusted and avoid enabling it in production.

Review Dimensions

Purpose & Capability: concernThe name/description claim 'native bypass for Cloudflare Turnstile and interstitial pages' and high-performance scraping, but the skill declares no binaries, no packages, no credentials, no config paths, and no source or homepage. Implementing reliable anti-bot bypass typically requires headless-browser tooling (e.g., Puppeteer/Playwright), third-party captcha-solving services, or platform-specific binaries; none are requested or documented. The capability claimed is therefore disproportionate to the tiny, instruction-only manifest.
Instruction Scope: concernSKILL.md contains only a high-level marketing description and a single example CLI invocation (npx openclaw skill run ...). It does not describe what the agent should actually do at runtime (no commands, no network endpoints, no libraries to call). The instructions are vague and grant broad, undefined discretion: a real scraper-with-bypass would need detailed runtime steps. This ambiguity increases risk because the skill could later be implemented as arbitrary behavior without matching the declared metadata.
Install Mechanism: okNo install spec and no code files are present, so nothing will be written to disk or automatically installed by the skill bundle itself. That reduces immediate supply-chain risk. However, absence of an install step also means the skill is currently a stub/marketing doc rather than a functioning implementation.
Credentials: noteThe skill declares no required environment variables, credentials, or config paths. That is proportionate in the sense of not requesting secrets, but it is inconsistent with the claimed functionality (bypassing anti-bot systems commonly requires third-party services or binaries). The lack of any declared credentials or endpoints is a red flag for completeness/provenance, though not directly an exfiltration risk in its current form.
Persistence & Privilege: okThe skill is not marked 'always: true' and uses default invocation settings. It is user-invocable and the agent may call it autonomously (the platform default), which is normal. There is no evidence this skill requests persistent or elevated platform privileges beyond standard skill invocation.