Skillv1.0.0

ClawScan security

mmgamexxyanguo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 23, 2026, 9:14 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (batch uploading assets to mmgame via browser automation) is plausible and mostly consistent, but the runtime instructions assume access to local files, a logged-in browser session, and a Node script that is not included — those assumptions and implicit privileges deserve caution before installing.
Guidance: This skill appears to describe legitimate browser automation for uploading assets, but it makes implicit assumptions that could expose sensitive data. Before installing or invoking it: 1) Confirm where the actual upload script(s) live — SKILL.md references node scripts/upload.js but no code is packaged. If you expect code to run, obtain and review that code. 2) Understand that the agent will need access to your local files (it mentions copying from arbitrary paths) — only place files you are comfortable sharing into the workspace. 3) The automation will use a logged-in browser session (cookies/auth) — only allow this with an account you trust and consider using a test account. 4) Verify what 'Playwright MCP (browser-operation skill)' is in your environment and whether you trust it to drive your browser and access session data. 5) If you cannot review the external scripts, restrict the agent to a sandboxed workspace and run a small test upload with non-sensitive assets first. If any of these points are unclear or the missing scripts are not provided, treat the skill as untrusted.

Review Dimensions

Purpose & Capability: noteName/description match the instructions: the SKILL.md describes Playwright-based automation to upload assets to mmgame. However the doc references running node scripts (node scripts/upload.js) and copying files into a workspace even though this skill package contains no code files or install spec — it therefore relies on external components (Playwright MCP, project scripts) that are not provided. That gap is explainable but should be confirmed.
Instruction Scope: concernThe instructions tell the agent to copy files from arbitrary user paths into workspace, generate configs, and drive a logged-in browser session to perform uploads. Those are exactly the actions needed to upload assets, but they require the agent to access local filesystem paths and the user's browser session (cookies/auth). The SKILL.md also instructs running a Node script that does not exist in the package; if an agent attempts to run it or to perform file operations, it may need privileges beyond what the skill declares.
Install Mechanism: okThere is no install specification and no code files — this is instruction-only, so nothing will be downloaded or written by an installer. That reduces risk, but also means the skill depends on external tools (Playwright MCP, Node.js, and external scripts) which must be present and trusted.
Credentials: noteThe skill declares no required env vars or credentials, which is consistent. However it implicitly requires access to the user's logged-in browser session (sensitive session cookies) and to local files (arbitrary filesystem paths like X:\微信素材\). Those are proportional to the upload task but are sensitive resources — the SKILL.md does not explicitly document scope/limits for file access or how browser authentication is used.
Persistence & Privilege: okalways is false and the skill does not request persistent presence or system-wide config changes. It does not try to modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk flags.