Skill v0.1.0

ClawScan security

Browserbase Scraper · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 10:25 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's runtime instructions legitimately require Browserbase and an LLM API key, but the registry metadata does not declare these credentials and the package references missing example files — this mismatch is incoherent and worth caution.
Guidance
Do not install blindly. Key points to consider before using: (1) The SKILL.md requires BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID and GOOGLE_GENERATIVE_AI_API_KEY but the registry metadata lists none — ask the publisher to correct the metadata so required credentials are visible. (2) Use scoped or disposable API keys (test account) rather than production credentials. (3) Confirm the source/owner (the skill has no homepage and unknown source); absence of code files means you rely entirely on instructions — request the example scripts referenced (scripts/example_scraper.js) before running. (4) Be aware scraping Cloudflare-protected sites can violate terms of service or laws; ensure you have permission. (5) Run initial tests in an isolated environment and rotate keys if you expose them during testing. If the publisher responds and metadata is fixed (or example scripts are provided), this looks coherent; until then treat it cautiously.

Review Dimensions

Purpose & Capability
concern
The SKILL.md describes scraping Cloudflare-protected sites with Browserbase/Stagehand and optionally Gemini — those env vars (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID, GOOGLE_GENERATIVE_AI_API_KEY) are coherent with the purpose. However, the registry metadata claims no required env vars or primary credential, which is inconsistent with the instructions and could mislead users about what secrets are needed.
Instruction Scope
note
The instructions stay within scraping/scraper operation (npm install, Stagehand init, page navigation, waiting, scrolling, extracting and parsing). They do not request unrelated system data. Minor issues: the docs reference a local file (scripts/example_scraper.js) that is not present in the package, and the SKILL.md suggests using 'OpenClaw cron' without providing the example script — this leaves gaps a user would need to fill.
Install Mechanism
ok
This is instruction-only (no install spec) and recommends installing @browserbasehq/stagehand via npm. That is a proportionate, standard install recommendation for the described functionality; nothing in the SKILL.md instructs downloading arbitrary executables or third-party archives.
Credentials
concern
The SKILL.md requires two Browserbase credentials and an LLM API key — reasonable for a cloud-browser + AI extraction flow — but the published registry metadata declares no required environment variables or primary credential. The omission is a material mismatch: users may not realize they must provide API keys. Also the skill example uses process.env directly; verify you will supply only scoped/test keys and not high-privilege production credentials.
Persistence & Privilege
ok
The skill is not always-enabled and does not request system config paths or persistent privileges. There are no install hooks or indications it will modify other skills or system-wide settings.