Web Autopilot

This skill appears to implement the advertised record-and-replay functionality, but you should be cautious before installing/running it on a machine with real accounts: - It captures network request/response bodies and user actions and saves them under ~/.openclaw/rpa/. Those recordings and saved sessions can contain sensitive cookies, tokens, or form-posted passwords. - The code includes an extractor that automatically finds username/password pairs in recorded POST bodies and saves them (encrypted) to credentials.enc. That extraction can happen without an obvious separate consent step, so review how you record workflows before using the extractor. - Credentials.enc is encrypted, but by default the key is derived from machine identity (hostname, username, HOME). If you do not set RPA_CREDENTIAL_KEY, anyone with access to your account/machine can decrypt the file. If you plan to use this skill, set RPA_CREDENTIAL_KEY to a strong passphrase before saving credentials. - The registry metadata omits required runtime tools (Node, ts-node, Playwright). Do not assume the skill will ‘just work’ without installing those dependencies. Concrete recommendations: - Inspect the code locally (especially scripts/utils/credentials.ts and scripts/record.ts) before running. - If you will store credentials, set RPA_CREDENTIAL_KEY and restrict file permissions (the code already writes 0600 for the encrypted file but confirm). Consider using a dedicated machine or VM for recording sensitive workflows. - Consider disabling or avoiding use of the extract-and-save CLI helper if you do not want credentials auto-saved; run recordings manually and delete recordings that contain secrets. - Audit or securely delete ~/.openclaw/rpa/ recordings/sessions/credentials if you stop using the skill. Given these behaviors (automatic credential extraction/storage and undeclared runtime assumptions), treat the skill as suspicious until you confirm safe configuration and review of the code.