Skill v0.1.1
ClawScan security
Airline Info To Website · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 8, 2026, 8:12 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code matches the stated scraping and image-classification purpose, but the SKILL.md explicitly instructs bypassing agent permissions and granting broad filesystem/edit permissions (and to run with a `--dangerously-skip-permissions` flag), which is disproportionate and risky.
- Guidance: This skill's code looks consistent with its stated purpose (scraping seatmaps.com and organizing images), but the runtime README instructs you to bypass permission checks and give the agent broad filesystem/edit access, a high-risk request. Do NOT run it with `--dangerously-skip-permissions` or blindly paste the settings.json snippet. Safer options: (1) run the Python/Node scripts locally yourself from a terminal (not via an autonomous agent), limiting the `--output` path to a dedicated folder; (2) inspect the scripts (they are included) and run them inside an isolated VM or container; (3) use the `--dry-run` flags first to verify behavior; (4) avoid changing agent-wide `~/.claude/settings.json` to allow Read(~/Desktop/**) or access to other skills; (5) monitor network traffic and review seatmaps.com terms/robots.txt to ensure scraping is allowed. If you must use the skill via an agent, restrict its allowed paths to only the intended output directory and deny Edit/Write to unrelated locations.
Review Dimensions
- Purpose & Capability (note): The included Python scraper and Node classification/dedup scripts directly implement the described goal (scrape seatmaps.com, save images, classify and deduplicate, generate Markdown). No unrelated credentials or binaries are requested.
- Instruction Scope (concern): SKILL.md instructs running the agent with `--dangerously-skip-permissions` or editing `~/.claude/settings.json` to allow wide permissions including Read(~/Desktop/**) and Read(~/skills/**), Edit, Write, MultiEdit. Scraping and local file output do not legitimately require broad access to the user's Desktop or other skills folders; this grants the agent scope far beyond the stated task.
- Install Mechanism (ok): No remote downloads or installers are included; scripts are provided and dependencies are normal (pip install requests beautifulsoup4, Node.js). There is no high-risk install URL or archive extraction.
- Credentials (concern): The skill requests no environment variables or credentials, which is appropriate, but the runtime instructions demand broad filesystem permissions in the agent config. Granting access to ~/Desktop/** and ~/skills/** and Edit/Write privileges is disproportionate to a scraper that only needs a single output directory.
- Persistence & Privilege (concern): While always:false, the SKILL.md recommends persistent agent configuration changes (editing ~/.claude/settings.json) to allow bypassed permissions. Modifying agent settings to permanently broaden read/write capabilities increases long-term risk and privilege surface.
