Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ds160-autofill

v1.0.0

Automates filling and resuming US DS-160 visa forms using CSV data, browser scripting, LLM for captchas, translations, missing data, and session persistence.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, SKILL.md, YAML and CSV templates are consistent with an automated DS-160 autofill tool: CDP for element location, CSV input, YAML mappings and session persistence all align with the stated purpose. The skill's use of an LLM for translation and element-location assistance is plausible for complex fields.
! Instruction Scope
The runtime instructions explicitly direct the agent to: read user CSV (contains passport/ID/SSN examples), read/write session files including securityQuestion/securityAnswer, take screenshots of captcha areas, and send page snapshots/HTML and element info to the LLM/image tool. Those steps will expose highly sensitive PII to any external service the LLM/image tool uses and grant the skill broad discretion to collect and transmit form contents.
Install Mechanism
There is no install spec (instruction-only plus included script and reference files). No remote downloads or package installs are requested, which reduces supply-chain risk. The presence of local JS and reference files means code will be executed by the agent runtime; evaluate that code before running.
! Credentials
The skill requests no explicit credentials, but the script reads and writes files in a workspace (uses OPENCLAW_WORKSPACE or defaults to a hardcoded /home/jasonzhao/.openclaw/workspace). It stores security question/answer and application IDs in plaintext session files and will process national ID / passport / SSN fields from CSV — all highly sensitive. Using LLM/image tools to resolve translation/captcha implies sending that sensitive content externally. The hardcoded workspace default is also a minor red flag (developer path baked in).
Persistence & Privilege
always is false and the skill is user-invocable. It persists session state to files within the workspace, which is expected for resume capability; this is normal but increases the sensitivity of what is stored on disk.
What to consider before installing
This skill automates DS-160 filling but will read and store highly sensitive personal data (passport numbers, national IDs, SSNs, security question answers) in workspace files and will take and send screenshots and page HTML to LLM/image tools. Before installing: (1) review the full ds160-filler.js yourself or with someone you trust; (2) confirm where the session and CSV files will be stored and consider using an isolated/ephemeral workspace (set OPENCLAW_WORKSPACE to a safe directory); (3) avoid putting extremely sensitive fields in the CSV or disable any automatic LLM/image calls that would transmit them; (4) ensure the LLM/image endpoints you trust have appropriate privacy guarantees; and (5) if you are not comfortable with potential external transmission of PII, do not enable this skill.

Like a lobster shell, security has layers — review code before you run it.
