Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Actionbook
v0.1.1
Activate when the user needs to interact with any website — browser automation, web scraping, screenshots, form filling, UI testing, monitoring, or building AI agents. Provides pre-verified page actions with step-by-step instructions and tested selectors.
⭐ 0 · 1.9k · 15 current · 16 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (website interaction, scraping, form-filling, UI testing) align with the SKILL.md content: it is a manual for an 'actionbook' CLI that performs browser automation. However, the skill is instruction-only and provides many CLI commands that imply a separate 'actionbook' binary and local profile storage even though the registry metadata lists no required binaries or config paths — a usability/information-gap rather than a direct functionality mismatch.
Instruction Scope
The instructions explicitly teach how to log in to sites (including OAuth/SSO), fill credentials from environment variables (e.g., $APP_USERNAME, $GOOGLE_PASSWORD, $SESSION_TOKEN), set cookies, snapshot pages, eval JS, and persist profiles to disk. Those actions access and persist sensitive data and can reach arbitrary page content via eval; while expected for browser automation, the SKILL.md grants broad capability to read/manipulate credentials, cookies, and page data — and it references env vars and disk paths that are not declared in the skill metadata.
Install Mechanism
No install specification or code is included (instruction-only), so nothing is written to disk by the skill itself. This lowers supply-chain risk. Note: the instructions depend on an external 'actionbook' CLI whose provenance is unknown; the skill does not install it.
Credentials
The documentation routinely uses sensitive environment variables and tokens (APP_USERNAME, APP_PASSWORD, GOOGLE_PASSWORD, SESSION_TOKEN, ACTIONBOOK_API_KEY) and describes persistent profile directories and cookies, yet the skill metadata declares no required env vars or config paths. That mismatch obscures the fact that using this skill will involve handling secrets and persistent local session data — more sensitive than the metadata implies.
Persistence & Privilege
The docs instruct creating and reusing browser profiles (stored under a config path like ~/.config/actionbook/), persisting cookies and sessions, and recommend file-permission changes. The skill metadata does not declare these config paths or persistence behaviors. Persistent sessions increase the blast radius if misused; users should be aware that running the described commands will create long-lived artifacts on disk.
What to consider before installing
This appears to be a coherent manual for a browser-automation CLI, not executable code — but there are important caveats:
- Origin: the skill is instruction-only and references an external 'actionbook' CLI with no install provided. Verify the source and obtain the CLI from a trusted publisher before following commands.
- Secrets: the docs show using environment variables for usernames, passwords, tokens, and cookies. Do not paste real credentials into example commands; prefer ephemeral credentials or test accounts. Confirm which env vars the agent or host will actually expose before running automation.
- Persistence: profiles and cookies are stored on disk (e.g., ~/.config/actionbook/). If you use this, restrict directory permissions, delete profiles when finished, and avoid reusing profiles that contain unrelated account sessions.
- Privileged operations: commands like browser eval and cookies set can access arbitrary page data and session tokens — run in an isolated environment or sandbox, especially for unfamiliar sites.
- Metadata mismatch: the skill metadata declares no required binaries/credentials/config paths, but the instructions clearly use them. Treat that as a red flag: ask the publisher for clarification about expected local tooling, config locations, and what secrets (if any) you must supply.
If you decide to use it: test against non-production/test accounts, run the CLI in a disposable container or VM, and wipe profiles/cookies after use.
Like a lobster shell, security has layers — review code before you run it.
