Skill v1.0.1

ClawScan security

Huo15 Openclaw Design Critique · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 4:16 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's design-review instructions are coherent for its stated purpose, but they reference running a Playwright screenshot CLI and other 'huo15' skills while declaring no required binaries or install steps — that mismatch is suspicious and should be clarified before installing.
Guidance
This skill otherwise looks like a reasonable design-review prompt set, but it references running a Playwright screenshot CLI and other 'huo15' skill sections while declaring no binaries or installs. Before installing or enabling: 1) Confirm whether your agent environment provides Playwright or the referenced 'huo15-openclaw-frontend-design' capability. If not, insist the skill author declare required binaries or provide an alternative (accept user-uploaded screenshots). 2) If you allow the agent to run Playwright or any CLI, ensure it will only access pages you explicitly permit (avoid letting it browse intranet or authenticated pages without review). 3) Prefer providing screenshots or sanitized HTML yourself rather than granting the agent access to local files or automated browsing. 4) Ask the publisher for a clear dependency list and explicit privacy guarantees (what data is sent where) — absence of declared dependencies here is the main reason this is flagged as suspicious.

Review Dimensions

Purpose & Capability
note: The skill's name, description, and detailed SKILL.md all align with a design critique capability (5-dimension scoring, Keep/Fix/Quick Wins, ASCII radar). However, the workflow explicitly references calling a Playwright screenshot CLI and cross-calls to other 'huo15-openclaw-frontend-design' skill sections; the package metadata declares no required binaries or install steps. Either the agent will expect an external Playwright binary or another skill to exist — the absent dependency is disproportionate to the claimed 'instruction-only' nature and should be declared.
Instruction Scope
concern: The runtime instructions are prescriptive and generally within the domain of a design review. Concerns: (1) Stage 1 instructs the agent to call an external Playwright CLI from another huo15 skill for screenshots — this is a runtime external command not declared in requirements; (2) instructions say 'if given HTML code → read it' and request the user open it locally and screenshot, which pushes data collection onto the user but also implies the agent may attempt to access or render HTML; (3) the skill cross-references internal '硬红线' ("hard red lines") rules and other skills, which assumes those other skills or documents exist. There is no instruction to access secrets or system config, and the skill refuses purely textual descriptions, which is a reasonable scope restriction.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, which is the lowest-risk install model. There are no downloads, packages, or extracted archives. The only concern is that the instructions expect external tooling (Playwright) which is not declared as required — but there is no install mechanism in this skill itself.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. That is proportionate to a read-only review task. There is no attempt to access unrelated secrets or system files in the SKILL.md.
Persistence & Privilege
ok: 'always' is false and 'disable-model-invocation' is false (normal). The skill does not request permanent presence or elevated privileges and does not instruct modifications to other skills' configs. No persistence/privilege concerns were found.