Skill v1.0.0

ClawScan security

nl2ms-ui · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:29 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only helper for generating Midscene automation scripts and its files/examples are consistent with that purpose; it does not request unexpected credentials or install anything, though the examples reference local .env and storage files which you should review before running generated scripts.
Guidance
This skill appears to be a straightforward Midscene script generator and is internally consistent. Before using it or running generated scripts: (1) review any .env or storage/state.json files the examples reference — they may contain API keys or login state you do not want to leak; (2) confirm any remote endpoints (e.g., createRemotePCService URLs) are trusted and under your control; (3) be mindful that running the example scripts will access local devices, browsers, or apps (connected Android devices, WebDriverAgent, Playwright browser contexts, PC services), so only run them in environments where that access is intended; (4) if you need the skill to operate automatically, consider which API keys you store and where. If you want, I can list the specific example files and the exact local paths/env usages they reference.

Review Dimensions

Purpose & Capability
ok: The name/description claim to generate Midscene scripts for Android/iOS/Web/PC. The included examples and SKILL.md are exactly sample scripts and guidance for those platforms (Playwright for Web, @midscene/android and iOS/WebDriverAgent examples, PC agent examples). There are no unrelated requirements (no cloud credentials, no unrelated binaries).
Instruction Scope
note: The SKILL.md and example files stay within the stated purpose (show how to produce Midscene scripts). They do, however, reference local resources and runtime behaviors you should be aware of: use of dotenv/.env, reading storage/state.json, and optional remote PC service endpoints (e.g., http://localhost:3333). The skill instructions do not instruct the agent to read arbitrary system-wide credentials, but the examples assume the user will supply .env and local state files when running scripts.
Install Mechanism
ok: This is instruction-only with no install spec and no code files to execute on install. That minimizes installation risk.
Credentials
note: The skill declares no required env vars or credentials (none in metadata), yet example scripts import dotenv/config and reference .env and local storage (../../.env, ../../storage/state.json). This is reasonable for test scripts (they commonly load API keys or saved browser state), but the SKILL.md does not enumerate which env vars the user must provide. Users should not accidentally expose unrelated secrets in those files.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or system settings. It is user-invocable and can be called autonomously per platform defaults, which is normal for an instruction-only skill.