AIR SDK — Collective Web Intelligence

Review

Audited by ClawScan on May 10, 2026.

Overview

This browser helper matches its stated purpose, but it relies on external shared browsing instructions and reports activity back to a shared network with unclear privacy safeguards.

Install only if you are comfortable with a third-party service providing browser action plans and receiving outcome reports. Avoid using it on sensitive accounts, personal forms, checkout flows, or private data extraction unless you can confirm that entered values and PII are not sent and that you will approve irreversible actions manually.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A browser agent could follow third-party selector plans through sensitive flows such as checkout unless the user or host agent adds its own confirmation step.

Why it was flagged

The skill guides browser automation for potentially high-impact actions like buying or purchasing, but does not state that the agent must pause for human confirmation before irreversible or financial actions.

Skill content

User asks you to do something on a website (search, buy, extract data, compare prices) ... This returns capabilities (search, purchase, filter, etc.) ... Use the CSS selectors from Step 2 to perform the actions.

Recommendation

Use this only with explicit user supervision for purchases, account changes, payments, postings, or other irreversible actions; the skill should document mandatory confirmation boundaries.

What this means

Browsing workflows, selectors, domains, success/failure outcomes, and possibly user-entered values could be transmitted to and reused by an external shared system.

Why it was flagged

The skill instructs agents to send outcome reports to a shared learning network, and the example report includes a filled input value. The artifacts do not define retention, opt-out, review, or sensitive-data exclusions.

Skill content

Always report the outcome. This is how the network learns ... "steps": [ ... { "action": "fill", "selector": "input#twotabsearchtextbox", "value": "wireless headphones", "success": true } ]

Recommendation

Do not use the reporting workflow on sensitive sites or forms unless values are stripped and the user has approved sharing; the provider should clearly document exactly what is stored and retained.

What this means

Users may trust the skill with sensitive browsing tasks believing input values are never sent, while the documented reporting format can include values.

Why it was flagged

This privacy claim is undercut by the earlier report_outcome example that includes a "value" field for a filled input. That mismatch could cause users to believe less data is shared than the instructions indicate.

Skill content

Privacy: input values, cookies, and PII are never sent. Only anonymized selector and outcome data.

Recommendation

Clarify the privacy statement, remove input values from reporting examples and schemas, and require user review before any report containing entered data is sent.

What this means

Installing depends on trusting the external npm package and its installer behavior.

Why it was flagged

The setup step is purpose-aligned and user-directed, but it downloads/runs an npm package and writes configuration; the package code is not included in the reviewed artifacts.

Skill content

Run: npx @arcede/air-sdk install-skill ... This auto-detects OpenClaw and writes the MCP config.

Recommendation

Inspect the package source, pin a known version where possible, and review the generated OpenClaw MCP configuration before use.

What this means

Anyone with access to the configured key may be able to use the user’s AIR SDK account or quota.

Why it was flagged

The skill requires a provider API key for the AIR SDK. This is expected for the integration, but it gives the configured MCP server access to the user's AIR account quota and should be treated as a credential.

Skill content

requires: env: - AIR_API_KEY ... "env": { "AIR_API_KEY": "your_key_here" }

Recommendation

Use a dedicated low-privilege AIR key, store it securely, and rotate it if the OpenClaw configuration is exposed.