flomo-web-crud
Audited by Socket on Mar 1, 2026
1 alert found:
Obfuscated File
This skill is a legitimate browser-automation utility for CRUD operations on flomo web memos and contains no explicit malware patterns or external exfiltration endpoints in the provided spec. The primary security risks are operational: reading sensitive memo contents and performing live writes in an authenticated session. Mitigations should be applied at the agent/runner level: enforce non-bypassable confirmations, redact memo bodies from logs and outputs, and restrict or audit higher-privilege fallbacks (chrome_computer). With those controls, risk can be reduced to acceptable levels for trusted operators; without them, the skill represents a moderate security risk due to potential data leakage and destructive actions.