ds160-autofill
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill's stated purpose is DS-160 autofill, but it handles highly sensitive visa data while automating CAPTCHA solving, sending page content and field values to an LLM, and persisting session secrets in plaintext.
Only use this skill if you are comfortable with automation on the DS-160 site and with sensitive visa data potentially being sent to LLM/image tools. Manually review every page before continuing or submitting, avoid CAPTCHA automation if the site rules prohibit it, and delete or protect the saved session file after use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may interact with a government form in ways the site intends to reserve for a human user, and mistakes or policy violations could affect the visa application process.
The skill explicitly instructs automated CAPTCHA solving on a government visa site, which bypasses an anti-automation checkpoint and increases legal/process risk for a high-impact form.
Quoted from the skill's instructions:

```markdown
**Captcha:**
- Take screenshot of captcha area
- Use `image` tool to analyze captcha
- Fill captcha code via browser evaluate
```
Require explicit user approval before CAPTCHA handling and page continuation, and warn users to verify that automation is allowed by the DS-160 site and applicable rules.
Personal visa application information may be disclosed to the model/provider or retained in model/tool logs without the user realizing the full sensitivity.
The workflow sends page snapshots, field context, and user-provided values to an LLM during a DS-160 visa application, which can include highly sensitive identity, travel, and security-answer data.
Quoted from the skill's instructions (`...` marks omitted text):

```markdown
**Missing element:**
- Call LLM with page snapshot
...
**Translation needed:**
- Call LLM with field context and Chinese value
```
Add an explicit consent step before any LLM call, redact filled form values from snapshots where possible, and document provider retention/privacy implications.
Anyone with access to the workspace files or logs could see the application ID/security answer and potentially resume or view the visa application.
The session object includes the DS-160 security answer and the code logs loaded session data, exposing credential-like resume information for the visa application.
Quoted from the skill's script (`...` marks omitted text):

```javascript
securityQuestion: null,
securityAnswer: null,
...
console.log('✓ Loaded session data:', JSON.stringify(sessionData, null, 2));
```

Do not log security answers, store session secrets encrypted or outside normal logs, and provide a clear cleanup command to delete `ds160/ds160-session.json` after use.
A quote or crafted value in the CSV could break the automation or run unintended JavaScript in the active DS-160 page context.
CSV-derived user values are interpolated directly into JavaScript source strings used for browser automation, without visible escaping in the supplied snippet.
Quoted from the skill's script (`...` marks omitted text):

```javascript
const fieldValue = userData[elementName]?.value;
...
el.value = '${valueToFill}';
```

Pass values as structured arguments to browser evaluation or escape with `JSON.stringify` instead of concatenating CSV values into JavaScript code.
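The following added example (not the skill's code) reproduces the interpolation pattern from the quoted snippet with two constructed CSV values, an ordinary surname containing an apostrophe and a deliberately crafted one, and contrasts it with the two safe forms named in the recommendation. The `runInFakePage` harness stands in for the browser's evaluate step; the structured-argument form assumes the browser tool accepts a function plus an argument, as Playwright's and Puppeteer's `page.evaluate(fn, arg)` do, which the artifacts do not confirm for this skill.

```javascript
// Added example (not the skill's code): CSV-derived values concatenated into
// JavaScript source versus passed safely.

// Constructed sample CSV values.
const SAMPLE_VALUES = {
  benign: "O'Brien",                        // a plain apostrophe ends the quoted literal early
  crafted: "'; window.__pwned = true; //",  // closes the string, runs injected code
};

// Vulnerable builder, mirroring the pattern in the finding: the value is
// spliced straight into source text that will run in the page context.
function buildUnsafeSnippet(valueToFill) {
  return `el.value = '${valueToFill}';`;
}

// Hardened builder: JSON.stringify emits a valid JavaScript string literal
// with quotes, backslashes and control characters escaped.
function buildSafeSnippet(valueToFill) {
  return `el.value = ${JSON.stringify(String(valueToFill))};`;
}

// Preferred form: the value never touches the source at all; it is passed
// as an argument to the function the browser evaluates (assumed shape of
// the browser tool, see lead-in).
function fillField(el, value) {
  el.value = value;
}

// Simulate evaluating a snippet in a page: `el` is the target input and
// `window` the page global. new Function compiles the text just as a
// browser evaluate call would, so syntax errors surface here too.
function runInFakePage(snippet) {
  const el = { value: "" };
  const window = { __pwned: false };
  let error = null;
  try {
    new Function("el", "window", snippet)(el, window);
  } catch (e) {
    error = e.constructor.name;
  }
  return { value: el.value, pwned: window.__pwned, error };
}
```

Running the unsafe builder on `O'Brien` produces a `SyntaxError`, which is the "break the automation" half of the finding; running it on the crafted value sets `window.__pwned` and leaves the field empty, which is the "run unintended JavaScript" half. Both safe forms store the crafted value verbatim in the field without executing it. `JSON.stringify` output is a valid JavaScript string literal in any engine from ES2019 onward (the JSON superset change); on older engines U+2028 and U+2029 would additionally need escaping, which is one more reason to prefer the structured-argument form.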
The skill may fail or require an ad hoc dependency install whose version/provenance is not pinned in the provided artifacts.
The included script imports an external package while the artifact says there is no install spec; this creates dependency/setup ambiguity but is not by itself malicious.
Quoted from the skill's script:

```javascript
const yaml = require('js-yaml');
```

Publish a clear install spec or package manifest with pinned dependencies and source provenance.
