ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

can i use

v1.0.0

Query browser compatibility for CSS/JS features using caniuse-cli. Use when user asks about browser support, compatibility, "can I use X", "does X work in IE...

0· 39·0 current·0 all-time
by周祺@zhouqicf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (querying browser compatibility) match the SKILL.md: it only directs use of the caniuse CLI and provides feature-name mappings. Nothing requested (env vars, binaries, configs) is outside that purpose.
Instruction Scope
Runtime instructions are narrowly scoped to checking for the caniuse binary and running `caniuse <feature>`, mapping user terms to caniuse feature names, and formatting results. The instructions do not ask the agent to read unrelated files, environment variables, or exfiltrate data.
Install Mechanism
There is no install spec (instruction-only). The SKILL.md suggests installing `@bramus/caniuse-cli` via npm if missing, which is a reasonable, transparent recommendation rather than an automated download.
Credentials
The skill requests no environment variables or credentials. The only implicit requirement is the availability of the caniuse CLI (or the ability to install it), which is proportional to the task.
Persistence & Privilege
always is false and the skill has no install-time persistence or requests to modify other skills or system-wide settings. It does not require elevated or permanent privileges.
Assessment
This skill is a simple instruction-only wrapper for the caniuse CLI and appears safe and coherent. Before installing the suggested npm package yourself, verify you trust the package name (@bramus/caniuse-cli) and your environment's npm/global-install policy (global installs may require elevated privileges). Note that the agent will attempt to run shell commands (which is expected here); if you prefer, run `caniuse` locally and paste results instead of installing anything in a sensitive environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk974p5panfnv0wafxba319jv1x84qckt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments