Privacy Eraser
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill fits a privacy-removal use case, but it can use your logged-in browser to file reports automatically and keep ongoing monitoring with limited safeguards.
Review this skill carefully before use. Only allow it to act through logged-in accounts after explicit confirmation, use truthful complaint categories, avoid fully automatic submissions, and set clear limits for monitoring, stored screenshots, and deletion of case records.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Reports, messages, or complaints could be submitted from the user's real platform accounts without a clear per-action approval step.
The skill directs the agent to act through already-authenticated local browser sessions and emphasizes automatic, user-unnoticed operation.
用户的 Mac Mini 浏览器已登录各平台账号 ... AI 通过 node 控制 Mac 上的浏览器 ... 直接自动举报,无需手动操作 ... 完全自动化,用户无感知
Require explicit user approval before using any logged-in browser profile, and prefer a separate limited-purpose browser profile over the user's main session.
Mistaken or unwanted takedown reports could be filed, potentially affecting third-party content, user accounts, or platform trust.
The skill exposes raw browser automation and JavaScript-click workflows for submitting external reports, but does not require final review before submission.
browser action=open target=node profile=chrome ... browser action=act target=node ... 执行 JS: document.querySelector('.report-click-item').click() ... 点击提交Keep automation in draft/preview mode by default and require the user to confirm the exact URL, complaint text, account, and submit action.
Users could be led into misleading or abusive reporting behavior that may violate platform rules or harm others.
The guidance encourages using potentially inaccurate report categories and coordinated multi-account reporting as tactics to speed handling.
选择“人身攻击”类型比“隐私泄露”处理更快 ... 多个账号同时举报会加速处理
Use only truthful complaint categories and avoid coordinated or multi-account reporting unless it is legitimate and platform-approved.
The agent may continue performing weekly identity searches after the initial task unless the user knows how to stop it.
The monitoring feature creates a recurring scheduled task, which is disclosed and purpose-aligned but persistent.
用户要求监控时,创建 cron ... expr: 0 9 * * 1 ... 隐私监控: 搜索用户姓名,检查是否有新的个人信息泄露,如有则通知用户
Show the monitoring schedule clearly, provide an expiration or cancel command, and ask before renewing ongoing monitoring.
Sensitive identity details and evidence of privacy leaks may remain in local files or be reused in later tasks.
The workflow uses local identity information and stores screenshots/case records that may contain sensitive personal data.
从 USER.md 读取用户身份信息 ... 截图存档 ... 记录到 cases/ 目录
Limit which identity fields are read, avoid storing unnecessary screenshots, and define retention, deletion, and access controls for case records.