mufi-admin
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches its MUFI admin purpose, but it can create and activate admin records using a browser profile and raw save-click automation without clear approval or credential boundaries.
Install only if you intend the agent to operate the MUFI admin console. Use a dedicated low-privilege browser profile/account, verify each record and image before saving or activating it, and do not let the agent run these steps without your explicit confirmation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create, link, activate, or upload the wrong MUFI admin records if it misinterprets a page or user request.
The skill instructs the agent to perform admin creation/upload workflows and provides a generic DOM click for the primary save button. This is purpose-aligned, but it can commit changes on an admin site without an explicit confirmation or verification step.
6. 프레임(디자인) 생성 + 이미지 업로드 (/frames) ... 저장 버튼: `document.querySelector('button.ant-btn-primary').click()`Require explicit user confirmation before Save/Activate actions, verify the target page and record details, and prefer scoped selectors or visible UI review over generic primary-button clicks.
If the browser profile is logged into a powerful admin account, the agent may act with all of that account's privileges.
The skill points the agent to an admin console and a named browser profile, which may carry a persisted authenticated session. The supplied metadata does not define the credential/profile boundary or required account scope.
## URL https://admin.muinfilm.com ... ## 브라우저 자동화 팁 - 프로필: openclaw
Use a dedicated, least-privilege MUFI admin account/profile, document the credential/session requirements, and avoid shared browser profiles that contain unrelated accounts or cookies.