Farmos Workforce
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This workforce skill is relevant to its purpose, but it gives the agent sensitive employee access and lets it make or announce scheduling/payroll-related changes from casual messages without clear approval boundaries.
Install only if you trust the FarmOS API, the local authentication helper, and the role-mapping file. Before using it, make sure write actions require confirmation, employee details are not broadcast to broad channels, and manager/admin tokens are used only for clearly authorized requests.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misunderstood casual message could create a time-off record, affect timesheet approval, or trigger payroll-related exports or workflow changes.
The skill directs the agent to perform persistent workforce and payroll-adjacent API actions from minimal casual input, without requiring explicit confirmation before logging requests, approving timesheets, or exporting payroll data.
Minimum viable input: Any mention of schedule, availability, time off, or who is working. "I need Friday off" is enough. ... Log to workforce module API (POST /api/requests for time-off ...). ... POST /api/time/entries/{id}/approve ... GET /api/time/exportRequire explicit user confirmation for any POST/export/approve/reject/clock action, and restrict autonomous use to read-only queries unless a manager clearly authorizes the specific change.
If the wrong token or role mapping is used, an employee request could be answered with team-wide or payroll-sensitive data.
The skill instructs use of a manager JWT helper and a local role-mapping file for access to sensitive workforce data, while the metadata declares no credentials or config paths. Mis-scoping could expose manager-level employee, hours, or payroll information.
TOKEN=$(~/clawd/scripts/farmos-auth.sh manager) ... Check `~/.clawdbot/farmos-users.json` for the sender's role. - admin/manager: Can see all employee data, hours, payroll info. - employee: Can only see own profile and time entries.
Declare the required credential and role-mapping files, use least-privilege per-user tokens by default, and require explicit manager/admin confirmation before accessing team-wide or payroll data.
Personal schedule or absence details could be shared more broadly than the employee expected.
The skill captures personal schedule details and volunteered reasons, then instructs notification to a shared channel without defining who can see it or what fields should be redacted.
Reason (ONLY if volunteered ...). ... "I'll be late Monday, doctor appointment" ... Routing: Log to workforce module API ... Notify in #farm-workforce channel for visibility
Limit channel notifications to minimal non-sensitive fields, send private manager-only messages for personal details, and clearly tell users when a message will be logged or broadcast.
Users must trust a local helper script outside this skill to obtain workforce credentials.
The skill depends on an external local authentication helper that is not included in the provided artifacts, so its token handling cannot be reviewed here.
TOKEN=$(~/clawd/scripts/farmos-auth.sh manager)
Review the referenced authentication script separately and document its source, expected output, and permissions.