Chrome Web Automation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent browser-automation guidance, but it can act inside the user's live Chrome session and lacks explicit safeguards before submissions or account-affecting actions.
Only use this skill when you are comfortable letting the agent inspect and operate your active Chrome session. Keep the target tab and task narrow, and require confirmation before any submit, purchase, account change, message, upload, deletion, or other irreversible action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misunderstands the task or page context, it could submit a form, click a destructive button, or capture sensitive information from a live page.
The skill explicitly instructs the agent to perform browser actions, including form submission, but does not add approval requirements for sensitive or irreversible actions.
Click, type, submit, and screenshot using stable references.
Add clear limits requiring user confirmation before submitting forms, changing account settings, sending messages, making purchases, deleting data, or interacting with sensitive sites.
The agent may act with the user's existing web-session privileges, potentially affecting personal, work, financial, or administrative accounts.
A live Chrome session may contain logged-in accounts and active authenticated tabs, but the artifacts do not define which accounts, tabs, or domains may be used.
Use this skill before any browser interaction that depends on the user's live Chrome session.
Require the user to name the target site or tab and confirm any action that uses logged-in privileges or changes data.
Users have less information for verifying who created the skill and whether it matches an upstream project.
The skill is instruction-only and has no executable install step, but its public source and homepage are not provided, limiting provenance review.
Source: unknown Homepage: none
Prefer a version with a clear homepage, source repository, or publisher-provided provenance, especially for live-browser automation.