Skill v1.0.0

ClawScan security

Davos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 4:05 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions and requirements are consistent with its stated purpose (create HTML posters and screenshot them); no unexplained credentials, installs, or network endpoints are requested — but there are a few practical security/usability omissions to be aware of.
Guidance
This skill appears to do what it says: author a temporary HTML poster, serve it locally, and screenshot it. Before running it, consider these simple safety steps:
(1) Don't run the server from your Desktop if that folder contains sensitive files; create a temporary folder and put only poster files there.
(2) Bind the server to localhost to avoid exposing files: python3 -m http.server 9999 --bind 127.0.0.1.
(3) Avoid using pkill -f; instead capture the server PID when you start it and kill that PID (or use Ctrl-C) to avoid terminating unrelated Python processes.
(4) If your HTML references external image URLs, the browser will fetch them from the network (remote hosts will see the request); prefer local images if you want to avoid remote fetches.
(5) Verify screenshots don't accidentally capture other on-screen sensitive information.
With those precautions this instruction-only skill is coherent and low-risk.

Review Dimensions

Purpose & Capability
ok: The name/description (HTML poster + screenshot) match the runtime instructions: create an HTML file, run a local HTTP server, open the local URL in the browser, and capture a screenshot. No unrelated binaries, credentials, or services are requested.
Instruction Scope
note: Instructions stay within the poster-generation workflow, but omit a couple of important safety details: (1) python3 -m http.server binds to all interfaces by default, potentially exposing ~/Desktop files to the network; the instructions do not recommend --bind 127.0.0.1 or using a temporary directory. (2) The suggested pkill -f pattern may match and terminate other unrelated Python processes. Also, templates may reference external image URLs, which will cause the browser to fetch remote resources (possible data/metadata leakage).
Install Mechanism
ok: Instruction-only skill with no install spec and no downloaded code. This is low risk and consistent with a simple workflow that relies on existing Python and the agent's browser tool.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. It only instructs writing a temporary HTML file to ~/Desktop and running a local server, which is proportional to the stated purpose.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent privileges. It does instruct running a local server process, but that is typical for the task and limited in scope.