Form Auto
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a plausible form-filling helper, but it can use your logged-in browser session and reusable personal profiles without clearly defined limits.
Install only if you are comfortable letting the agent operate inside your logged-in browser. Use it on trusted sites, verify every field before submission, and avoid saving sensitive profile data unless the skill clearly explains how that data is stored and removed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It may fill or submit forms while logged into accounts, so mistakes or misuse could affect real services tied to the user's identity.
The skill is designed to operate with the user's already-authenticated browser session, giving it the ability to act as the user on logged-in websites.
🔐 Browser Session: Uses existing login state
Use only on trusted sites, prefer a separate browser profile for automation, and require explicit user confirmation before any submission.
Personal details such as contact information or ID numbers could persist across sessions and be reused in the wrong context.
The skill indicates that personal form data can be stored and reused, but the artifact does not define storage location, retention, access controls, or deletion controls.
📋 Template Support: Save and reuse form data
Make profile saving opt-in, document where data is stored, provide edit/delete controls, and show all reused values for confirmation before filling.
The agent could enter incorrect personal information or select the wrong checkboxes before the user notices.
Automated DOM interaction is central to the skill's purpose, but it can still cause incorrect or unintended changes on websites if field matching is wrong.
Automatically fills out any web form using OpenClaw's browser automation.
Review the filled summary carefully and do not submit until the user has verified every field.