page-filed-analyzer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill appears coherent and benign, using browser automation to count form fields on user-provided webpages.
Before installing, understand that this skill opens webpages you provide and may inspect the visible structure of logged-in pages if you choose to authenticate. It appears limited to counting and summarizing form fields, with no code files, persistence, or credential handling shown.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may execute a read-only DOM inspection script on the webpage the user provides.
The skill may run JavaScript in the browser page context, but the supplied script only counts form-related DOM elements and is aligned with the stated purpose.
If the snapshot doesn't provide enough detail, use `mcp__browser-use__evaluate_script` to run:
Use this only on pages you intend the agent to inspect, and avoid asking it to interact with or submit forms unless you explicitly want that.
If used after login, the agent may see parts of a private or account-specific webpage while counting fields.
The skill may be used on authenticated pages after user login, meaning the agent can inspect form structure and page content visible in that session.
If the page requires authentication, inform the user and ask them to log in first
Only use it on authenticated pages where you are comfortable sharing the visible page structure and labels with the agent.