Actionbook

Review

Audited by ClawScan on May 10, 2026.

Overview

Actionbook is a coherent browser-automation skill, but it gives broad authenticated website, cookie, profile, and JavaScript control through an undeclared external CLI/API without clear approval boundaries for high-impact actions.

Install only if you trust the separate Actionbook CLI and provider. Use dedicated browser profiles, avoid broad or privileged accounts, review any JavaScript/eval usage, and require explicit confirmation before the agent submits forms, sends messages, posts content, books services, or performs other irreversible actions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used too freely, the agent could submit forms, send messages, post content, or trigger bookings on behalf of the user before the user has reviewed the final action.

Why it was flagged

The skill explicitly targets broad website automation, including actions that can alter third-party accounts, create public posts, submit forms, or make bookings, without documenting confirmation gates for irreversible or public actions.

Skill content

Needs to do anything on a website ("Send a LinkedIn message", "Book an Airbnb"...) ... Automates repetitive web tasks (data entry, form submission, content posting)

Recommendation

Require explicit user confirmation before any submit, purchase, booking, message-send, deletion, or public-posting step, and limit automation to the specific site and task the user requested.

What this means

A compromised or misused profile or cookie could provide access to the user's logged-in accounts, similar to exposing a password.

Why it was flagged

The authentication guide instructs use of passwords, OAuth credentials, session cookies, and persistent profiles. This is purpose-aligned for browser automation, but it grants account-level authority and stores reusable session material.

Skill content

actionbook browser fill "#password" "$APP_PASSWORD" ... profiles store cookies and session data on disk ... actionbook browser cookies set "session_token" "$SESSION_TOKEN"

Recommendation

Use dedicated low-privilege browser profiles, keep secrets in protected environment variables, avoid sharing profile directories, and delete or clear profiles after sensitive tasks.

What this means

Users may need to obtain a separate CLI from an unverified source, and that CLI would be able to control browser sessions and handle credentials.

Why it was flagged

The reviewed artifacts do not provide or declare the `actionbook` executable that the instructions rely on, and no official source or install path is included. That leaves the provenance of the high-privilege browser automation tool outside the reviewed package.

Skill content

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Required binaries ... none

Recommendation

Only use the skill with a verified, trusted Actionbook CLI distribution; the package should declare the required binary, official source, version, and integrity checks.

What this means

JavaScript evaluation could read or modify page state within the active browser context if the agent runs unsafe expressions.

Why it was flagged

The CLI supports JavaScript evaluation in the browser page. This is expected for browser inspection and automation, but it is still a powerful escape-hatch capability.

Skill content

actionbook browser eval "document.title" ... actionbook browser eval "document.querySelectorAll('a').length"

Recommendation

Treat `browser eval` as sensitive; review expressions before running them on authenticated pages and avoid using it for destructive page changes.

What this means

Detailed task descriptions, target domains, or other query context may be visible to the Actionbook service.

Why it was flagged

Search and retrieval appear to use an external Actionbook API. This is disclosed and purpose-aligned, but users should understand that task queries and API credentials may be sent to that provider.

Skill content

api.base_url - API endpoint (default: https://api.actionbook.dev) ... api.api_key - API authentication key

Recommendation

Avoid putting unnecessary personal or confidential details into search queries, and verify the provider's privacy and credential-handling practices before use.