Skill v1.0.0
ClawScan security
pms-worklog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 2:17 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its stated purpose (automating PingCode/PMS worklog entry); it requires Playwright + Node and asks the user to supply their PMS credentials, which matches the described behavior, but there are some minor operational and hygiene issues to be aware of before running it.
- Guidance: This skill appears to do exactly what it says: control a Chrome browser via Playwright to log into your PingCode/PMS and submit worklog entries. Before running it:
  1. Review the full script to ensure there are no outbound network calls or telemetry (the visible code only manipulates the browser and saves local screenshots).
  2. Do not hardcode real credentials in the file; prefer exporting PMS_USERNAME/PMS_PASSWORD in your shell or a secure secrets store.
  3. Update screenshotDir and any user-specific paths to a safe location you control.
  4. Be aware the SKILL.md asks you to install Playwright globally and download Chromium (this will use network bandwidth and write browser binaries to disk).
  5. Run the script first in a test account or sandbox to confirm behavior (it will drive a real browser and can interact with any site the browser can reach).
  6. Because the package owner is unknown and source/homepage are missing, treat it like untrusted code: inspect it thoroughly and consider running under a restricted account or container.
  If you want, I can scan the rest of the truncated script for additional network or data-exfiltration calls; provide the full file and I'll re-check.
Review Dimensions
- Purpose & Capability (ok): The name/description (auto-fill PingCode/PMS worklogs) align with the included script and SKILL.md: the script uses Playwright to log in, navigate the PMS site, fill fields, click UI elements, and save screenshots. Required binaries (node, npm) and the dependency on Playwright are proportional to this purpose.
- Instruction Scope (note): SKILL.md instructs running the included Playwright script and editing a clear configuration block with username/password, dates, work item, screenshot directory, etc. That is expected for this automation, but the instructions encourage placing credentials directly in the script (less secure) and reference hardcoded local paths (e.g., /Users/aispeech/.openclaw/...), which are environment-specific and may require user modification. The SKILL.md does not instruct reading unrelated system files or contacting endpoints outside the PMS site.
- Install Mechanism (note): There is no automated install spec (instruction-only), which is lower risk. The SKILL.md tells the user to `npm install -g playwright` and run `playwright install chromium`; that will download browser binaries and requires network access. This install approach is typical for Playwright, but the manual step should be noted by users before running.
- Credentials (note): The registry lists no required env vars, but the SKILL.md and script support using PMS_USERNAME and PMS_PASSWORD environment variables (recommended). That optional credential usage is proportional to the task. Be aware the script defaults to embedding credentials if the user edits the config block (insecure). The script saves screenshots to a user-specific path, which is expected but should be updated for other users.
- Persistence & Privilege (ok): The skill does not request persistent platform privileges (always:false). It's an instruction-only/scripted skill that runs when invoked and does not modify other skills or system-wide agent settings.
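The Guidance (points 1, 2, 3 and 5) and the Credentials dimension above both come down to the same two controls: take the PMS credentials from the environment instead of an edited config block, and keep the Playwright-driven browser from reaching anything other than the PMS site. The following is an added example of how to wire those controls into a Node/Playwright launcher; it is not the pms-worklog skill's own script. The variable names PMS_HOST, PMS_SCREENSHOT_DIR and PMS_RUN, the file name guarded-worklog.js and the host pms.example.com are assumptions for illustration; only PMS_USERNAME and PMS_PASSWORD come from the skill.

```javascript
'use strict';
// Added example, not the pms-worklog skill's own code. Two hardening steps for a
// Playwright-driven PMS automation: credentials come only from the environment
// (no edited config block), and the browser is confined to an allowlist of
// hosts so any unexpected outbound request is aborted and recorded.
// PMS_HOST, PMS_SCREENSHOT_DIR and PMS_RUN are assumed variable names.

// Build the runtime config from environment variables only. Throws instead of
// falling back to placeholders, so real secrets never need to live in the file.
function loadConfig(env) {
  const required = ['PMS_USERNAME', 'PMS_PASSWORD', 'PMS_HOST'];
  const missing = required.filter((k) => !env[k]);
  if (missing.length > 0) {
    throw new Error('missing required environment variables: ' + missing.join(', '));
  }
  // PMS_HOST may be given as a full URL or a bare hostname; keep only the host.
  let host = env.PMS_HOST;
  try {
    const parsed = new URL(host);
    if (parsed.hostname) host = parsed.hostname;
  } catch (_) {
    // not a URL: treat the value as a hostname
  }
  return {
    username: env.PMS_USERNAME,
    password: env.PMS_PASSWORD,
    host,
    // Operator-chosen screenshot dir, defaulting to a temp dir rather than a
    // hard-coded /Users/<someone>/... path from somebody else's machine.
    screenshotDir: env.PMS_SCREENSHOT_DIR || (env.TMPDIR || '/tmp') + '/pms-worklog-shots',
  };
}

// Egress decision: only the PMS host and its subdomains over http(s) may be
// reached. Anything else (telemetry, third-party CDNs, an exfil endpoint a
// tampered script might add) is denied. Unparseable URLs are denied too.
function isAllowedUrl(urlString, allowedHosts) {
  let url;
  try {
    url = new URL(urlString);
  } catch (_) {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  return allowedHosts.some((h) => url.hostname === h || url.hostname.endsWith('.' + h));
}

// Handler with Playwright's page.route('**/*', handler) signature: continues
// allowed requests, aborts the rest, and keeps the blocked URLs for auditing.
function makeRouteGuard(allowedHosts) {
  const guard = (route) => {
    const url = route.request().url();
    if (isAllowedUrl(url, allowedHosts)) return route.continue();
    guard.blocked.push(url);
    return route.abort();
  };
  guard.blocked = [];
  return guard;
}

// Drive a real browser with the guard installed. Playwright is imported lazily
// so the helpers above stay usable without it installed.
async function run(env = process.env) {
  const cfg = loadConfig(env);
  const { chromium } = await import('playwright');
  const browser = await chromium.launch({ headless: true });
  const page = await browser.newPage();
  const guard = makeRouteGuard([cfg.host]);
  await page.route('**/*', guard);
  try {
    await page.goto('https://' + cfg.host + '/');
    // The skill's own login and worklog steps belong here, using cfg.username,
    // cfg.password and cfg.screenshotDir. They are intentionally not reproduced.
  } finally {
    await browser.close();
  }
  if (guard.blocked.length > 0) {
    console.warn('blocked outbound requests:', guard.blocked);
  }
  return guard.blocked;
}

// Only start a browser when explicitly asked, so importing this file is safe.
if (process.env.PMS_RUN === '1') {
  run().catch((err) => {
    console.error(err.message);
    process.exitCode = 1;
  });
}
```

Run it as `PMS_RUN=1 PMS_USERNAME=... PMS_PASSWORD=... PMS_HOST=https://pms.example.com node guarded-worklog.js`; a non-empty "blocked outbound requests" list at the end is the signal to go back and read the script before trusting it. Note the limits: `page.route` only sees requests the browser makes, so a `fetch`/`http` call issued from Node in the script itself is not intercepted, and the manual review in Guidance point 1 (or a container with outbound traffic restricted, point 6) is still needed for that path.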
