Back to skill
Skillv1.0.0
ClawScan security
Web Scraper Pro Zhuyu28 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 6, 2026, 12:20 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill claims advanced browser automation but contains only a small placeholder Python script and no install/dependency info or real automation code, so its capabilities don't match its claims.
- Guidance
- This package appears to be a lightweight stub that advertises advanced browser automation but does not include real automation code or dependency declarations. Before installing or running it: 1) Ask the publisher for the full source or a clear changelog explaining the missing automation libraries (Playwright/Selenium) and a usage guide. 2) Inspect any runtime code for network/credential usage (the current script is benign but trivial). 3) Do not provide secrets or credentials to this skill. 4) If you need real browser automation, prefer a skill that clearly lists required dependencies and includes tested integration with Playwright, Selenium, or a known tool; run unknown or incomplete code in a sandbox first.
Review Dimensions
- Purpose & Capability
- concernName/description promise 'enhanced browser automation' and 'browser automation tools like Playwright or Selenium', but the shipped code (scripts/scrape_web.py) contains only stubbed functions that do not import or call any browser automation libraries or perform network I/O. No required binaries or env vars are declared. This mismatch suggests the package is a stub or incomplete and does not deliver the claimed capabilities.
- Instruction Scope
- noteSKILL.md contains only high-level install/usage hints and an instruction to review included files; it does not instruct the agent to read unrelated system files, use credentials, or call external endpoints. Minor inconsistency: SKILL.md points to references/usage-guide.md, but the repository includes references/scraper_guide.md instead.
- Install Mechanism
- okNo install spec is provided (instruction-only skill with a small script). This is low-risk from an installation perspective because nothing is downloaded or written during install.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. That is proportionate to the actual code (which does not perform network or authenticated actions).
- Persistence & Privilege
- okalways is false and the skill does not request persistent system presence or modify other skills' configurations. Agent invocation defaults are unchanged.