Business Automation Architect

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is transparent, but it should be reviewed because it guides an agent to build automations that can change finance, HR, and business systems.

Use this skill first for planning and documentation. Before allowing it to implement anything, require explicit approval for scripts, cron jobs, webhooks, payments, accounting updates, customer messages, and account or permission changes; use least-privilege test credentials and keep a clear way to disable every automation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent has access to finance or accounting tools, a poorly scoped workflow could approve invoices, schedule payments, or update records incorrectly.

Why it was flagged

This describes automated financial approval, payment scheduling, and accounting writes. It is purpose-aligned, but the artifact does not mandate explicit user approval, dry-run testing, or rollback before enabling these high-impact actions.

Skill content

Amount within approved range? → Auto-approve
    - Over threshold? → Route to manager
  → Schedule payment based on terms
  → Update accounting system

Recommendation

Require human approval before any financial write action, define exact thresholds and approvers, test in dry-run mode first, and keep rollback/audit logs.

What this means

An agent with broad admin access could create, modify, or grant access to business accounts incorrectly.

Why it was flagged

Creating accounts and changing team/channel membership require administrative privileges. The provided metadata declares no credential or scope contract, so the access boundary depends on whatever privileges the agent already has.

Skill content

→ Create accounts (email, Slack, GitHub, etc.)
  → Add to teams & channels

Recommendation

Use least-privilege service accounts, require approval for account creation or permission changes, and log all identity-management actions.

What this means

A scheduled or event-triggered automation could continue sending messages or changing systems after the user forgets it exists.

Why it was flagged

Scheduled, webhook, email, and file-triggered workflows are expected for automation, but they can keep running after the initial task if lifecycle controls are not defined.

Skill content

trigger:
    type: "[schedule|webhook|event|manual|email|file]"
    config:
      # For schedule:
      cron: "0 9 * * 1-5"

Recommendation

Document every created job or webhook, set an owner and expiration/review date, and provide a clear disable or uninstall procedure.