HARPA AI
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is a coherent HARPA integration, but it gives the agent powerful access to logged-in browser sessions, page contents, webhooks, and long-running browser automation jobs.
Use this skill only if you are comfortable letting an agent control HARPA-connected browser sessions. Prefer a dedicated browser profile, a limited HARPA API key, specific node IDs, and trusted webhook destinations. Do not use it on banking, admin, healthcare, private inboxes, or other sensitive logged-in sites unless you explicitly intend to share that page context with HARPA and any selected AI connection.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill may be able to read data from websites where the HARPA browser is already logged in.
The skill can act through a logged-in browser session and use the user's cookies to access authenticated pages, which is powerful account/session authority.
Scraping behind-login pages works because HARPA runs inside a real browser session with the user's cookies
Use a dedicated browser profile or low-privilege account for HARPA nodes, avoid sensitive sites, and require explicit user approval before scraping or prompting against logged-in pages.
A mistaken or over-broad agent request could run automation on a live website using the user's browser context.
The skill exposes broad browser automation through built-in and custom commands, but the artifact does not define limits on what those commands may do on live websites.
Execute one of 100+ built-in HARPA commands or a custom automation on a target page
Confirm the target site, command name, and intended effect before running custom HARPA commands, especially on authenticated or business-critical websites.
A single poorly scoped action could run across all connected HARPA browser nodes instead of only one intended browser.
The API can broadcast an action to every available HARPA browser node, which can multiply the impact of a bad scrape, prompt, or automation request across multiple browser sessions.
`"node": "*"` — broadcast to all nodes
Avoid all-node targeting unless it is truly needed; prefer a specific node ID and ask for confirmation before multi-node or broadcast actions.
Private page contents or account data could be sent to an external webhook if the agent or user chooses an unsafe destination.
Scraped page contents or AI outputs can be sent asynchronously to a webhook URL and retained, but the artifact does not restrict the destination or warn against sensitive authenticated data.
`resultsWebhook` ... URL to POST results to asynchronously (retained 30 days)
Only use webhooks you control and trust, avoid webhooks for sensitive pages, and verify HARPA's retention and deletion controls before sending private data.
An automation request might complete later than expected, after a browser node reconnects.
The asynchronous workflow is disclosed and bounded by time, but it can continue after the initial request and wait for browser nodes to come online.
The action stays alive for up to 30 days, useful when target nodes are temporarily offline.
Use asynchronous actions only when needed, track outstanding jobs, and avoid long-lived tasks involving sensitive logged-in websites.
