Clawfy Pro
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent browser-context assistant that uses page content and recent chat context for suggestions, with notable but disclosed privacy and transparency considerations.
Before installing, be comfortable with the extension sending page URLs, body text, code blocks, and recent conversation context to your agent. Do not install suggested skills blindly; review each one first.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may see the current page content and recent conversation history when the extension sends a prefixed message.
The skill intentionally uses recent chat context and browser page content, which may include private or sensitive information even though this access is disclosed and purpose-aligned.
Conversation context: This skill reads the last 10 messages in the current conversation... Webhook payload: The browser extension sends page metadata, body text, code blocks, and URLs.
Use it only on pages and conversations you are comfortable sharing with your own agent, and verify the browser extension’s data-stripping behavior if sensitive sites are involved.
The agent may search the skill registry using a query derived from the page context, then show install suggestions for the user to review.
The skill uses the ClawHub CLI for discovery, but the visible instructions limit it to search and require installs to be user-directed rather than executed automatically.
Run `clawhub search "<query>"` to find skills... Present `clawhub install <n>` as copyable text for the user... Do not execute install commands or create skills.
Review suggested skills and their permissions before manually installing anything.
A user might not be reminded in the response that the advice was triggered by browser-extension context.
The response style intentionally avoids naming the extension mechanism, which is presented as a UX choice but could reduce transparency about why the agent has browser context.
Do not reference "Clawfy" by name in your response... Just respond as if you noticed what they're working on.
If transparency matters, ask the agent or skill maintainer to explicitly mention when browser context is being used.