Chrome Web Automation
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent and code-free, but it gives the agent broad control over a user's live Chrome session, including submitting forms, without clear approval limits.
Install only if you are comfortable letting the agent inspect and operate your active Chrome session. Before use, specify the exact tab or site, close private pages, and require approval before any submit, purchase, post, delete, or account-changing action.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a request is ambiguous, the agent could submit forms or trigger actions on websites you are using.
This explicitly authorizes state-changing browser actions, including form submission, but the artifacts do not require confirmation before sensitive or irreversible actions.
Click, type, submit, and screenshot using stable references.
Use only with a clearly specified target tab/site, and require explicit user confirmation before submitting forms, making purchases, posting content, deleting data, or changing account settings.
The agent may be able to act with the same privileges as your browser on logged-in websites.
A live Chrome session may include authenticated websites and account privileges; the skill does not bound which accounts, tabs, or sites may be used.
Use this skill before any browser interaction that depends on the user's live Chrome session.
Close sensitive tabs, consider using a separate browser profile, and give narrow instructions about which tab or site the agent may access.