Ai Web Automation Hardened
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed web automation/scraping skill with safety guardrails and no artifact-backed hidden exfiltration, but its broad automation, credential, and scheduling features should be used carefully.
Install only if you are comfortable with a broad web automation helper. Use it on authorized targets, avoid bypassing site protections, keep credentials out of prompts and command arguments, confirm any destination before sending scraped data, and verify cleanup/disable steps before using scheduled automation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help run web requests or submissions against user-specified sites; misuse could violate site rules or change data on a web service.
The skill is explicitly designed to automate web interactions, including scraping and submissions. This is coherent with its purpose, but arbitrary web automation can affect third-party sites or user accounts if used without authorization.
- Form filling
- Data scraping
- Scheduled tasks
- Automated testing
- API testing
- Website monitoring
- Automated submission
Use only on sites and accounts where you have authorization, prefer official APIs, and require explicit user confirmation before submitting forms or sending scraped data elsewhere.
If you provide tokens or API keys, the automation may act with the permissions of those credentials.
The skill anticipates authenticated automation using API keys or tokens. This is expected for web/API automation, but credentials grant account access and need careful scoping.
Use environment variables (`$API_KEY`) or credential stores to pass authentication values to `openclaw` commands
Use scoped, revocable credentials; avoid pasting real secrets into prompts or command arguments; and rotate any token that may have been exposed.
A scheduled automation could keep running and repeatedly access a website after the initial request.
The documentation advertises recurring scheduled automation. The included code does not implement this, but if supported by an external runner it would create continuing activity that should have clear limits and cancellation.
openclaw run web-automation --action "cron" --schedule "0 */6 * * *" --target "monitor"
Before enabling scheduled tasks, confirm where the schedule is stored, how to disable it, what target it will access, and what data it will produce or send.
You have less external context for who maintains the skill or whether the published files match a trusted upstream project.
There is no upstream repository or homepage to verify provenance. The supplied code is small and does not show hidden behavior, so this is a provenance note rather than a concrete compromise.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Review the included files before installation and prefer skills with a verifiable source repository when using automation that can touch accounts or websites.
