Skill v1.0.0
ClawScan security
test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 11, 2026, 12:03 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: This is a plausible QA 'evidence collector' instruction-only skill, but its runtime instructions expect local shell scripts and Playwright-based screenshot captures while the manifest declares no required binaries or installs. That metadata omission can lead to unexpected filesystem access or command execution.
- Guidance: This skill appears to be a legitimate QA/evidence collector, but verify two things before enabling it. (1) Inspect the referenced script ./qa-playwright-capture.sh (and any Playwright test files) to confirm they do not exfiltrate data, spawn unexpected processes, or call external endpoints. (2) Confirm that your agent runtime actually has Playwright/Node and the referenced scripts available; the skill's metadata does not declare these dependencies. Be aware that when invoked this skill will run shell commands and read local project files (public/qa-screenshots, resources/views, test-results.json), so enable it only in environments where you trust those actions. If you want to proceed, ask the author to add explicit dependency and safety metadata (required binaries, a manifest of the scripts that will run, and a note on network behavior) or to publish the capture script contents for review.
Review Dimensions
- Purpose & Capability (concern): The name/description (evidence collector / QA) match the included SKILL.md/AGENTS.md content. However, AGENTS.md's mandatory Step 1 requires running a local Playwright capture script (./qa-playwright-capture.sh) and inspecting local files (public/qa-screenshots, resources/views, test-results.json). The skill declares no required binaries, env vars, or install steps, so the stated metadata does not match the actions the instructions expect.
- Instruction Scope (concern): The instructions direct the agent to run shell commands (the Playwright capture script, ls, grep, cat) and to read specific local paths. These actions are coherent with QA work but grant the agent permission to execute arbitrary local scripts and read project files. The SKILL.md does not show the contents of the referenced ./qa-playwright-capture.sh script or otherwise constrain what will be executed or where data may be sent.
- Install Mechanism (ok): There is no install spec and no code files that an installer would download or execute, which lowers supply-chain risk. However, because the instructions assume tooling (Playwright, a capture script), the runtime environment must already have those tools, and the manifest does not declare them.
- Credentials (note): The skill requests no environment variables or credentials, which is reasonable for a local QA agent. Still, the instructions imply access to local filesystem paths and execution of a script that likely requires Node/Playwright; those runtime requirements are not declared, so the absence of declared secrets is not sufficient reassurance on its own.
- Persistence & Privilege (ok): The skill is not marked always:true, and it does not request to modify other skills or system-wide agent settings. It appears limited to being invoked by name and performing local QA actions when invoked.
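The Purpose & Capability and Instruction Scope concerns both come down to one comparison: the commands AGENTS.md tells the agent to run versus what the manifest declares. The following is an added example, not part of the ClawHub scanner or the skill, that extracts the commands from inline code spans in an instruction file, separates local scripts (which need line-by-line review) from undeclared binaries, and lists the project paths the instructions touch. The AGENTS.md excerpt is constructed from the commands the scan reports plus an assumed `npx playwright` invocation; the manifest fields `required_bins`, `required_env` and `always` are assumed names for this example, not ClawHub's schema.

```python
import re
import shlex

# Constructed excerpt standing in for the skill's AGENTS.md: the commands are the
# ones the scanner reports (capture script, ls, grep, cat) plus an assumed
# Playwright invocation. This is not the real file.
AGENTS_MD = """## Step 1 (mandatory)
Run `./qa-playwright-capture.sh` to refresh the screenshot set.
If it reports stale captures, run `npx playwright test --project=chromium` first.
Then `ls public/qa-screenshots`, `grep -rl '@extends' resources/views`
and `cat test-results.json` to assemble the evidence.
"""

# Constructed manifest. `required_bins`, `required_env` and `always` are assumed
# field names chosen for this example, not ClawHub's schema.
MANIFEST = {"name": "evidence-collector", "required_bins": [], "required_env": [], "always": False}

# Commands assumed present on any POSIX host; anything else must be declared.
POSIX_BASELINE = {"ls", "grep", "cat", "sed", "awk", "find", "mkdir", "cp", "mv", "rm", "echo", "tar"}
CODE_SPAN_RE = re.compile(r"`([^`]+)`")
PATH_LIKE_RE = re.compile(r"^[\w][\w./-]*$")


def commands_in(markdown):
    """Each pipeline segment inside an inline code span, in document order."""
    cmds = []
    for span in CODE_SPAN_RE.findall(markdown):
        for seg in re.split(r"\|\||&&|\||;", span):
            if seg.strip():
                cmds.append(seg.strip())
    return cmds


def executable_index(tokens):
    """Index of the first token that is not a VAR=value prefix, or None."""
    for i, tok in enumerate(tokens):
        if not re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", tok):
            return i
    return None


def dependency_gaps(markdown, manifest):
    """Compare what the instructions invoke against what the manifest declares."""
    declared = set(manifest.get("required_bins", []))
    local_scripts, undeclared, paths = set(), set(), set()
    for cmd in commands_in(markdown):
        tokens = shlex.split(cmd)
        i = executable_index(tokens)
        if i is None:
            continue
        exe = tokens[i]
        if exe.startswith("./") or exe.endswith(".sh"):
            local_scripts.add(exe)  # review its contents before enabling the skill
        elif exe not in POSIX_BASELINE and exe not in declared:
            undeclared.add(exe)
        for arg in tokens[i + 1:]:
            # Non-flag arguments that look like files or directories the agent will read.
            if PATH_LIKE_RE.match(arg) and ("/" in arg or "." in arg):
                paths.add(arg)
    return {
        "local_scripts": sorted(local_scripts),
        "undeclared_bins": sorted(undeclared),
        "paths_touched": sorted(paths),
    }


if __name__ == "__main__":
    for key, value in dependency_gaps(AGENTS_MD, MANIFEST).items():
        print(f"{key}: {value}")
```

Any non-empty `undeclared_bins` is the metadata mismatch the review describes; the fix on the author's side is to declare those binaries, and on your side to refuse to enable the skill until `local_scripts` has been read and the declared list matches what the runtime actually provides.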
