Skill v1.0.1

ClawScan security

Avenir Web · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 6:04 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the advertised autonomous web-agent functionality, but there are clear inconsistencies between the registry metadata and the actual repository/instructions (notably around required credentials and the packaging/install model), so review before installing or granting credentials.
Guidance
This repository appears to be a genuine web-agent implementation, but there are mismatches you should address before installing: (1) The registry metadata does not declare that OPENROUTER_API_KEY is required, yet SKILL.md, README, and example scripts enforce it — do not provide unrelated or high-privilege credentials. (2) The package contains many Python modules and a requirements.txt; you must install dependencies (including Playwright and possibly heavy ML libs like torch) and run browser startup steps. (3) The agent takes screenshots and sends them (plus page metadata) to the configured LLM endpoint — if you plan to run it on sensitive sites, be aware those images and metadata go to the model provider. Recommended next steps: review src/runtime/llm_engine.py to confirm endpoints and logging behavior, run the code in an isolated/sandboxed environment, set OPENROUTER_API_KEY to a scoped/test key first, and verify config files (src/config/batch_experiment.toml) do not contain hardcoded secrets. If you are not comfortable, ask the publisher to fix the registry metadata to declare OPENROUTER_API_KEY and provide an explicit install guide.

Review Dimensions

Purpose & Capability
note: Name/description (Avenir-Web autonomous web tasks) match the included codebase: Playwright-based browser control, single/batch runners, atomic actions, screenshot+LLM flows and demo/dashboard support. However the registry metadata indicated 'Required env vars: none' and 'instruction-only', while SKILL.md/README and example scripts require an OPENROUTER_API_KEY and many source files are present — this mismatch is incoherent and should be corrected.
Instruction Scope
ok: SKILL.md instructs use of the repository entrypoint scripts (example.py, scripts/atomic_action.py, scripts/read_page.py, src/run_agent.py). It explicitly documents taking screenshots and sending screenshot+page metadata to the configured LLM provider (OpenRouter). The instructions do not ask for unrelated system files or arbitrary host credentials; they do require an API key for the model provider and filesystem paths for outputs.
Install Mechanism
note: No install spec is declared in the registry (the skill was marked 'instruction-only'), but the package actually contains many Python source files and a requirements.txt (Playwright, torch, etc.). That is inconsistent: running the code will require installing dependencies and Playwright browsers. Missing an explicit install spec increases surprise/risk for non-technical users.
Credentials
concern: SKILL.md and example scripts require an OpenRouter API key (OPENROUTER_API_KEY) and the code includes functions to load it and call an LLM endpoint. The registry metadata incorrectly reported no required env vars/primary credential — this is the main proportionality/information mismatch. Aside from the model key, I did not see other unrelated credentials being requested in the reviewed excerpts.
Persistence & Privilege
ok: The skill does not request 'always: true' or system-wide config changes. It writes output/artifacts to directories under the configured save_file_dir (created by the agent), which is expected for this functionality. The agent can be invoked autonomously (default), which is normal for skills and not by itself a flag.