flomo-crud-skill
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent and clearly disclosed, but it can use your logged-in flomo browser session to read, edit, and delete live memos, so target confirmations matter.
This appears safe for its stated purpose if you want an agent to operate flomo through your logged-in Chrome session. Before installing, verify the Chrome MCP dependencies, avoid using it with extremely sensitive memos, and carefully confirm memo_id, timestamp, and snippet before any edit or delete.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can act as the logged-in user on flomo while Chrome MCP is available.
The skill relies on the user's existing browser session to access the real flomo account rather than a separate scoped credential.
User is already logged in to flomo Web in Chrome
Use this only in a trusted browser session, keep requests specific, and disable Chrome MCP or log out when you do not want the agent to access flomo.
A mistaken target could edit or delete a live memo, although the docs require memo_id locking and confirmations.
The delete workflow can use direct browser component methods as a fallback. This is disclosed and confirmation-gated, but it bypasses normal visible UI controls.
If the UI path is unstable, use the target detail `Memo` component fallback ... Call `Memo.removeMemo(memo)`
Before approving edit or delete, verify the memo_id, timestamp, snippet, and requested action; avoid ambiguous or bulk requests.
Private memo text may be exposed to the active agent session during search, confirmation, or validation.
The skill reads memo content and may display snippets in the agent conversation, while explicitly avoiding persistent memo-body logs.
Allowed in transient response output: ... short snippet for confirmation (truncated, only in-session)
Do not use it on highly sensitive memos unless you are comfortable with the agent seeing snippets; keep debug dumps and screenshots disabled unless needed.
Installing the recommended MCP bridge may pull whatever package version is current at install time.
The suggested MCP setup uses an external npm package without a pinned version; it is user-directed setup rather than hidden execution.
command = "npx"
args = ["-y", "-p", "mcp-chrome-bridge", "mcp-chrome-stdio"]
Verify the MCP package and Chrome extension source before installing, and pin versions where possible.
