v1.0.0

Browser Ops High Autonomy

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:09 AM.

Analysis

This skill is not malicious, but it gives the agent broad high-autonomy browser authority to submit forms, update business systems, and handle communications with limited approval gates.

Guidance: Review carefully before installing. Only use this after setting exact approved domains, narrowing permitted workflows, using low-privilege accounts, and requiring human confirmation for emails, submissions, record updates, admin actions, or any change that affects customers, accounts, or production systems.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
skill.yaml
mode: high_autonomy ... "If none of the escalation categories apply, proceed automatically when technically possible." ... "standard form completion/submission" ... "administrative workflows" ... "product/platform operations"

The skill explicitly instructs automatic browser operation for broad categories that can submit forms and change administrative or product state, with escalation limited to a few event types.

User impact: The agent could complete impactful browser actions, submit forms, or alter systems without asking the user unless the event falls into the listed escalation categories.
Recommendation: Require explicit confirmation for submissions, sends, record updates, admin changes, and product/platform mutations; define narrow action allowlists, dry-run behavior, logging, and rollback expectations.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

No executable code or install step is present, but the skill's provenance is limited, which matters because the policy grants high-autonomy browser behavior.

User impact: Users have less maintainer or source context for deciding whether to trust this high-autonomy policy.
Recommendation: Install only if you trust the publisher and have reviewed or customized the domain and action scope for your environment.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
skill.yaml
Autonomous actions allowed:
- email triage and drafting
- crm update and record maintenance
- administrative workflows
- product/platform operations
- routine communication

These workflows commonly operate under a user's authenticated browser session or organization account permissions, but the artifacts do not define least-privilege roles, account boundaries, or per-action approval requirements.

User impact: If used on logged-in business systems, the agent may act with the user's full available privileges and modify customer, CRM, email, admin, or platform data.
Recommendation: Use only with least-privilege accounts, define exact approved domains and permitted operations, and require human approval for privileged or externally visible changes.