AccessMind

What to check before installing: - Inspect the hard-coded path (/Users/sarper/.openclaw/...) in extension/background.js; it should be replaced with a configurable path or discovered dynamically. Hard-coded user paths can cause failures or accidentally point to sensitive files. - Expect the extension to collect full page HTML, screenshots, images, and form element metadata (names/labels). If you will run audits on pages that contain sensitive data, be cautious — exported audit artifacts could include sensitive content. - The skill talks to local services (OpenClaw Gateway at 127.0.0.1:8765 and an Ollama-like API at 127.0.0.1:11434). Verify you are comfortable running those local services and that they are configured to accept only local connections. - Review the included shell scripts (.sh) and Python scripts before running them. They perform crawling and reporting and may invoke system commands or write files. Prefer to run them in a controlled environment (isolated VM or container) first. - Confirm whether the extension is the only component that will execute automatically; the repository contains many scripts that likely require manual execution. If you do not want background local servers or files written to disk, do not run those scripts. - If you intend to use this on enterprise or sensitive sites, get written assurances (or source review) that exported reports and stored event logs will not be transmitted to remote servers. The code appears to use only localhost endpoints, which is better than unknown remote endpoints, but verify at runtime. If you want, I can: (1) point to the exact lines that reference the hard-coded path and localhost endpoints; (2) summarize what each .sh and top Python script does so you can decide which to allow; or (3) suggest a minimal, safer configuration for running audits (e.g., run in a disposable VM and disable export/auto-tracking).