webvoyager
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a coherent web-automation skill, but it promotes autonomous actions like checkout, form submission, and social media automation without clear confirmation or safety limits.
Use this only with clear task limits. Do not let it complete purchases, submit forms, post on social media, change account settings, or handle sensitive pages unless you add explicit confirmation checkpoints and trust the configured vision/browser environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with browser tools, the agent could submit information, make purchases, or affect public/account content before the user has reviewed the final action.
The skill explicitly covers autonomous browser actions that can submit forms, complete checkout flows, and automate social media, but the artifacts do not define approval gates or restricted domains/actions for high-impact steps.
- Autonomous web navigation and interaction ... - Cross-site workflow automation ... - E-commerce automation (price monitoring, checkout) ... - Form filling and submission ... - Social media automation
Require explicit user confirmation before checkout, payment, account changes, form submission, posting, messaging, or deletion, and constrain allowed sites, actions, and maximum steps.
A malicious or compromised webpage could try to influence the agent's next clicks or navigation through visible text or element labels.
The example places webpage-controlled labels, links, and screenshots into the model context. That is expected for a web agent, but untrusted pages can contain text intended to steer the agent.
prompt += `[${mark.id}] ${mark.element.type}: "${mark.element.label}" `; ... prompt += `(href: ${mark.element.attributes['href']})`; ... image: state.annotatedScreenshot, promptTreat webpage content as untrusted instructions, follow only the user's task, and require confirmation before sensitive actions.
Private information visible on webpages could be processed by an external or configured vision provider.
The example sends annotated screenshots and prompt context to a vision model. This is purpose-aligned, but the provider/data boundary is not specified.
const response = await this.visionModel.analyze({ image: state.annotatedScreenshot, prompt, systemPrompt: this.getSystemPrompt(), });Use a trusted or local vision model for sensitive browsing, and avoid running the skill on pages containing passwords, payment details, private messages, or regulated data unless data handling is understood.
Users have less information about the maintainer, origin, and update history of the skill.
The registry entry does not provide a source repository or homepage, limiting provenance review, though no install-time code is present.
Source: unknown; Homepage: none
Prefer skills with clear source provenance, or inspect the full artifacts and publisher reputation before relying on it for important browsing tasks.