Business Automation Architect

PassAudited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill Name: afrexai-business-automation Version: 1.0.0 The skill bundle instructs the AI agent to act as a business automation architect, leveraging powerful capabilities such as executing shell commands (`exec` for `curl`, `jq`, `python`), performing web fetches (`web_fetch`), scheduling tasks (`cron`), and writing to the file system. While these capabilities are presented with benign examples and placeholders (e.g., `api.example.com`), the inherent power to generate and execute arbitrary shell scripts and make network calls constitutes a significant risk. This is classified as suspicious because it enables high-risk operations (like potential RCE via `exec` and data manipulation via file system access) that, if misused by a malicious actor or combined with a vulnerable agent runtime, could lead to unauthorized actions, even though the skill itself does not demonstrate malicious intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern

ASI02: Tool Misuse and Exploitation

What this means

If the agent has access to finance or accounting tools, a poorly scoped workflow could approve invoices, schedule payments, or update records incorrectly.

Why it was flagged

This describes automated financial approval, payment scheduling, and accounting writes. It is purpose-aligned, but the artifact does not mandate explicit user approval, dry-run testing, or rollback before enabling these high-impact actions.

Skill content

Amount within approved range? → Auto-approve
    - Over threshold? → Route to manager
  → Schedule payment based on terms
  → Update accounting system

Recommendation

Require human approval before any financial write action, define exact thresholds and approvers, test in dry-run mode first, and keep rollback/audit logs.

Concern

ASI03: Identity and Privilege Abuse

What this means

An agent with broad admin access could create, modify, or grant access to business accounts incorrectly.

Why it was flagged

Creating accounts and changing team/channel membership require administrative privileges. The provided metadata declares no credential or scope contract, so the access boundary depends on whatever privileges the agent already has.

Skill content

→ Create accounts (email, Slack, GitHub, etc.)
  → Add to teams & channels

Recommendation

Use least-privilege service accounts, require approval for account creation or permission changes, and log all identity-management actions.

Note

ASI10: Rogue Agents

What this means

A scheduled or event-triggered automation could continue sending messages or changing systems after the user forgets it exists.

Why it was flagged

Scheduled, webhook, email, and file-triggered workflows are expected for automation, but they can keep running after the initial task if lifecycle controls are not defined.

Skill content

trigger:
    type: "[schedule|webhook|event|manual|email|file]"
    config:
      # For schedule:
      cron: "0 9 * * 1-5"

Recommendation

Document every created job or webhook, set an owner and expiration/review date, and provide a clear disable or uninstall procedure.