ClawHub

Openclaw Web Automation

v1.0.7

Automates web interactions for public site checks or authenticated flows with credential references and optional iMessage notifications.

2· 924·0 current·0 all-time
byMarcos Athanasoulis@marcosathanasoulis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included runner and scripts: they invoke a local OpenClaw Automation Kit to fetch and analyze public pages. However the SKILL.md requires `pip install -e .` and a local repo root — heavier privileges than the name implies. Asking users to install the whole package locally and allowing arbitrary repo roots is more capability than a simple 'public-site checker' suggests.
!
Instruction Scope
SKILL.md restricts use to public sites and no credentials, but the runtime flow delegates work to openclaw_automation.cli / AutomationEngine, which are not included here. The skill will run whatever scripts the automation kit resolves to (script_dir derived from the parsed query). Nothing in the code enforces the 'no credentials' rule or prevents the automation kit from running additional commands, reading files, or contacting arbitrary endpoints.
!
Install Mechanism
There is no formal install spec, but SKILL.md instructs users to run `pip install -e .`. Editable installs run local package build hooks and make code importable system-wide — a high-risk step if you haven't audited the repository. The skill itself does not provide a vetted remote distribution or reproducible install; that increases the chance of executing unreviewed code during install or runtime.
Credentials
The skill declares no required env vars, which aligns with the 'no credentials' claim. The runner scripts will honor an optional OPENCLAW_AUTOMATION_ROOT if set (used to locate the repo). The manifest grants network_domains: ["*"], permitting outbound requests to any domain — reasonable for web automation but broader than the SKILL.md's 'public websites only' promise and therefore worth noting.
Persistence & Privilege
always is false and the skill does not request platform-level persistence. It runs in a stateless execution model and is user-invocable, which is appropriate.
What to consider before installing
This skill is coherent with a web-automation purpose, but exercise caution before installing or running it: - Audit and run in an isolated environment: `pip install -e .` can execute project build hooks and will import local code. Use a disposable virtualenv or container before trusting it on a workstation with sensitive data. - Inspect the full OpenClaw Automation Kit code (especially openclaw_automation.cli, AutomationEngine, and parse_query_to_run) before use — the runner delegates runtime behavior to those modules and they could run arbitrary scripts or access local files. - Be aware of repo-root discovery: the script searches the current working directory and parents for a manifest; running it from an unexpected directory could cause it to pick up and execute a different automation repo. - Network access is unrestricted (network_domains: ["*"]). If you need strict boundaries, run the skill in a network-restricted sandbox. - Do not provide credentials to this skill: although SKILL.md says no credentials are required, nothing in the code enforces that at runtime. If you need login-required checks, obtain a clearly scoped skill that explicitly requires and documents those credentials. If you want to proceed safely: review the automation package source code, run the skill only in a sandboxed environment, and set OPENCLAW_AUTOMATION_ROOT explicitly to the intended repository path before invoking.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ef8j1124kmetg5frg1ak92d815b5y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments