client-flow
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned but should be reviewed because it can create/send/schedule across email, calendar, cloud storage, task tools, and maintain a client registry from one prompt.
Install only if you want an agent to coordinate onboarding across your business tools. Before use, confirm which accounts and folders it may access, require previews before external sends or calendar invites, and choose where any client registry and reminders are stored.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken client name, email, date, or inferred project detail could be sent or scheduled across several services before the user has reviewed the full plan.
The skill instructs the agent to perform multiple account mutations and external communications across business tools. These actions fit the purpose, but the artifact does not clearly require review/approval for every high-impact action.
creates Google Drive/Dropbox project folder structure, generates project brief, sends templated welcome email, schedules kickoff meeting on Google Calendar, sets up task board ... configures follow-up reminders
Require an explicit preview and user confirmation before sending emails, creating calendar invites, creating task boards, writing cloud folders, or setting reminders.
The agent may act using the user's connected Google, Outlook, Dropbox, Notion, or task-manager accounts.
The skill expects use of already-configured provider identities for calendar and related integrations. This is expected for the workflow, but users should understand which connected accounts the agent may use.
Use Google Calendar via `gog` tool, or Outlook if configured.
Use least-privilege connected accounts where possible and confirm the target account/workspace before running the onboarding sequence.
Sensitive client and business information could be stored and reused across future tasks in ways the user did not intend.
The skill proposes a persistent registry containing client contact information, project status, deadlines, and financial value, but the visible artifact does not define storage location, access controls, retention, or opt-out behavior.
Maintain a master list of all clients and projects: | Client | Project | Status | Contact | Start | Deadline | Value |
Store the registry only in a user-chosen location/account, disclose retention, allow opt-out, and require review before reusing registry data.
Recurring reminders may continue after the initial setup unless the user manages or removes them.
The skill can create persistent scheduled reminders after the initial onboarding task. This is purpose-aligned, but the artifact does not clearly state expiration or cleanup behavior.
Use OpenClaw cron or the task manager's reminder system.
Ask the user before creating recurring reminders and include clear instructions to pause, edit, or delete them.