Agentic Workflow Automation
PassAudited by ClawScan on May 1, 2026.
Overview
This skill coherently generates local workflow blueprint files and shows no credential use, network access, persistence, or exfiltration behavior.
This appears safe for generating workflow blueprint files. Before installing or using it, choose a dedicated output directory and be aware that the script's `--dry-run` option does not actually suppress writing the output file.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may run a local script to produce the requested blueprint artifact.
The skill explicitly directs use of a bundled Python script. This is purpose-aligned and the provided code is simple local file generation, but it is still local code execution.
- Run `scripts/generate_workflow_blueprint.py` for deterministic workflow output.
Run it only from the installed skill directory and avoid elevated privileges; review the chosen input and output paths.
A user who passes `--dry-run` may still get a file written or overwritten at the selected output path.
The dry-run help text says there will be no side effects, but the code still renders the output artifact. This appears to be a limited safety/wording issue rather than hidden harmful behavior.
parser.add_argument("--dry-run", action="store_true", help="Run without side effects."); ... render(result, Path(args.output), args.format)Do not rely on `--dry-run` to prevent file writes; use a safe output folder and consider updating the script so dry-run skips rendering.