ClawAudit verdict
amazon
amazon-ordering
Browser automation for Amazon ordering and returns using CDP; operates on the user's own logged-in Amazon session with explicit verification steps before purchase, consistent with stated purpose.
โ Flagged for review โ coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis โ not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (1)
Instruction-prose smuggling shape detected: collects a sensitive target ("password") and emits it outward ("forward"). Phrased as prose with no trigger tokens โ a semantic prompt-injection / data-exfil pattern the syntactic scanners can't see. Final tier capped at Caution; review the instructions before installing.
SKILL.md ยท - `agent-browser` CLI installed - Chrome running with `--remote-debugging-port=9222` (see [Starting the browser](#starting-the-browser-if-not-running)) - Logged
Permissions & capabilities
No declared permissions โ minimal attack surface.
Is this flag fair?
Thanks โ recorded.