Skill v1.0.1

ClawScan security

Web2Labs Studio · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 24, 2026, 3:56 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, docs, and runtime instructions align with a cloud video-editing integration that needs a single Web2Labs API key, filesystem access (for downloads/outputs), Node.js, and network access; I found no evidence of unrelated credential requests or covert exfiltration in the provided sources.
Guidance
This skill appears coherent for controlling the Web2Labs Studio service from your agent. Before installing:
(1) Only provide WEB2LABS_API_KEY if you trust web2labs.com; the key will be stored in ~/.openclaw/openclaw.json (the code attempts chmod 600).
(2) Be cautious when supplying webhook_url values: the skill will POST job results to whatever callback URL you provide, so do not point it at an untrusted endpoint if you want to keep outputs private.
(3) yt-dlp will be executed for URL inputs; ensure you are comfortable with the skill running that binary and writing temporary files.
(4) If you want strict budget control, configure WEB2LABS_SPEND_POLICY or the WEB2LABS_AUTO_SPEND_* env vars before use.
Overall this skill is internally consistent with its stated purpose; if you need higher assurance, confirm the network domains contacted (baseUrl defaults to https://www.web2labs.com) and review the small set of included npm dependencies in package-lock.json.
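The webhook_url caveat in item (2) above, as an added example rather than code from the skill or from ClawHub: a guard an operator can place in front of the webhook_url parameter so that project.completed callbacks only go to hosts they have approved. The allowlist variable WEBHOOK_ALLOWED_HOSTS, the function names, and the host names in the comments are assumptions; only the webhook_url parameter and the fact that the skill POSTs results to it come from the report.

```javascript
// Added example, not the skill's code. Guards the webhook_url the agent passes
// to the skill: results are only allowed to flow to operator-approved hosts.
// WEBHOOK_ALLOWED_HOSTS is an assumed operator-maintained env var, e.g.
//   WEBHOOK_ALLOWED_HOSTS="hooks.example.net,example.org"

function parseAllowedHosts(raw) {
  return (raw || '')
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
}

// A host matches an entry exactly or as a subdomain of it. The leading dot in
// the suffix test keeps "notexample.org" from matching "example.org".
function hostAllowed(host, allowed) {
  return allowed.some((a) => host === a || host.endsWith('.' + a));
}

// Returns { ok: true, url } with the normalised URL, or { ok: false, reason }.
function checkWebhookUrl(raw, allowedHosts) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparsable URL' };
  }
  if (u.protocol !== 'https:') {
    return { ok: false, reason: 'callback must use https' };
  }
  // "https://hooks.example.net@evil.example/" parses with hostname evil.example;
  // refuse userinfo outright rather than reasoning about it.
  if (u.username || u.password) {
    return { ok: false, reason: 'credentials in URL are not allowed' };
  }
  const host = u.hostname.toLowerCase();
  // Literal IPv4 or bracketed IPv6 addresses sidestep name-based allowlisting.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[')) {
    return { ok: false, reason: 'literal IP addresses are not allowed' };
  }
  if (!hostAllowed(host, allowedHosts)) {
    return { ok: false, reason: `host ${host} not in allowlist` };
  }
  return { ok: true, url: u.toString() };
}

// Usage: run before handing webhook_url to the skill.
const allowedFromEnv = parseAllowedHosts(process.env.WEBHOOK_ALLOWED_HOSTS);
const decision = checkWebhookUrl('https://hooks.example.net/web2labs/done', allowedFromEnv);
if (!decision.ok) {
  console.error(`refusing webhook_url: ${decision.reason}`);
}
```

With an empty allowlist every callback URL is refused, which is the right default for an agent that otherwise forwards rendered outputs to any address it is told to. Note that this checks the URL the agent registers; it says nothing about where Web2Labs itself delivers to if the service follows redirects on the callback.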

Review Dimensions

Purpose & Capability
ok · Name/description (cloud video editing: upload, render, thumbnails, cost estimates) match the implemented tools and network calls to web2labs.com. Declared primary credential (WEB2LABS_API_KEY), Node.js requirement, and permissions (network, filesystem) are appropriate for downloading URLs (yt-dlp), uploading files, polling results, and writing outputs/config. No unrelated credentials or unexpected binaries are requested.
Instruction Scope
note · SKILL.md and code instruct the agent to run yt-dlp for URL downloads, call Web2Labs APIs, optionally register webhooks, poll via WebSocket/HTTP, and write the API key into ~/.openclaw/openclaw.json. These are within the skill's stated purpose. Two notes: (1) the skill will send project.completed callbacks to any webhook_url the user supplies; that is expected functionality, but it would send user data to an attacker-controlled endpoint if the user configures one. (2) SKILL.md references additional env vars controlling spend policy (WEB2LABS_SPEND_POLICY and WEB2LABS_AUTO_SPEND_MAX_*) that the code reads to adjust its behavior but that are not listed in the registry's required env list.
Install Mechanism
ok · There is no external download/install step in the manifest (no remote URL or package install during agent install). The package includes Node.js source files and a package.json with standard npm dependencies (node-fetch, socket.io-client, form-data, zod, and an MCP SDK). This is a typical embedded skill server implementation and not a high-risk remote-install pattern. No extracted remote archives or shortener/personal-server download URLs were observed.
Credentials
note · The only declared primary credential is WEB2LABS_API_KEY, which is proportional to the skill's function. The skill also documents optional env vars (WEB2LABS_SPEND_POLICY and multiple WEB2LABS_AUTO_SPEND_MAX_* caps) used to control spend behavior; these are reasonable but not listed under requires.env in the registry metadata. The code implements logic to avoid sending auth headers to non-Web2Labs domains (shouldAttachAuth) and stores the API key in the OpenClaw config with file-permission hardening (it attempts chmod 600).
Persistence & Privilege
note · always: false (no forced inclusion). The skill writes its API key into ~/.openclaw/openclaw.json and sets its own entry enabled; this is standard onboarding behavior for many skills. It modifies the global OpenClaw config only to store its own credentials/enablement, which is expected for user-approved API key storage but worth noting to users who prefer not to store credentials on disk.