Workflows

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only workflow playbook is coherent and safety-oriented, but workflows built from it can run powerful tool, shell, file, and KV steps and may leave persistent logs or artifacts.

This appears safe to install as an instruction-only workflow playbook. Before using it, review any workflow definition it helps create, confirm the requested permissions are narrow, validate before running, and avoid storing secrets in workflow logs, run artifacts, or KV entries.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A workflow created using this guidance could change files, call external tools, or run commands if the user grants those permissions.

Why it was flagged

The skill documents workflow steps that can invoke tools, run shell commands, access files, query SQL, and use KV storage. This is expected for a workflow-authoring playbook, but it is powerful enough that users should review permissions and side effects before running workflows.

Skill content

- `type: "ts"`: full scripting access (`callTool`, `sql`, `exec`, `fs`, `kv`)
- `type: "bash"`: shell command step

Recommendation

Only run reviewed workflow definitions, keep permissions least-privilege, use `allow`/`block` controls, validate before running, and require explicit approval for writes, posts, trades, or other side effects.

What this means

Sensitive inputs, intermediate context, or tool outputs could remain in local run artifacts and be reused or reviewed later.

Why it was flagged

The workflow system stores run outputs, logs, context, stdout, and stderr as artifacts. This is useful for debugging and evaluation, but persistent artifacts may retain sensitive task data if workflows log or store it.

Skill content

Each `workflow run` produces artifacts in `/workspace/.harness/runs/run_xxx/` ... `{step}.context.json` ... `{step}.stdout` ... `{step}.stderr`

Recommendation

Avoid putting secrets or private data in workflow inputs, logs, stdout, stderr, or context artifacts; scrub artifacts when needed and define retention or cleanup practices for sensitive runs.