Browser Automation AI

Pass

Audited by ClawScan on May 15, 2026.

Overview

This is a coherent Apify browser-automation guide, but it can run real cloud browser actions using a personal API token, so each task should be reviewed before execution.

Install only if you are comfortable using Apify for cloud browser automation. Keep the API token secure, use trusted actors, review generated tasks before they click or submit anything, and avoid automating sensitive or unauthorized sites.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could submit forms or run scraping jobs through the cloud provider when asked to automate a web task.

Why it was flagged

The skill directs the agent to initiate cloud browser automation calls. This is expected for the skill, but browser actions such as clicks, form submissions, and scraping can affect real websites.

Skill content

Describe a web task in plain language and Claude will:
1. Pick the right automation actor for the job
2. Build and fire the API call

Recommendation

Review the generated target URLs, actor, input data, and any submit/click actions before allowing a run, especially on logged-in or sensitive sites.

What this means

Anyone or any process with access to this token may be able to run automation jobs on the user's Apify account and consume account resources.

Why it was flagged

The skill requires a personal Apify API token. That is expected for this integration, but it is account authority and was not declared in the supplied registry credential metadata.

Skill content

copy your Personal API Token ... export AUTOMATION_TOKEN=api_xxxxxxxxxxxxxxxx

Recommendation

Store the token securely, limit its scope if Apify supports scoped tokens, rotate it if exposed, and monitor account usage.

What this means

Using untrusted or poorly maintained actors could expose task inputs or produce unreliable automation results.

Why it was flagged

The workflow can discover and select cloud automation actors from an actor store. This is normal for Apify-style automation, but actor choice affects what remote code/service processes the task.

Skill content

| Browse actors | GET | `/store?search=your-query` |

Recommendation

Prefer official or verified actors, review actor documentation and permissions, and avoid sending sensitive data to unknown third-party actors.

What this means

Private URLs, page content, or form data included in automation tasks may be processed outside the local environment.

Why it was flagged

Automation requests and results are handled by an external cloud provider. This is disclosed and purpose-aligned, but task URLs, form values, and scraped content may be sent to that provider.

Skill content

Base URL: `https://api.apify.com/v2` ... Auth header: `Authorization: Bearer YOUR_TOKEN`

Recommendation

Avoid sending secrets or sensitive personal data unless necessary, confirm the provider's retention/privacy settings, and use only authorized websites.