Clawflows

Security checks across malware telemetry and agentic risk

Overview

Clawflows is a disclosed automation runner, but it can download and run external workflows that chain other installed skills and may cause real side effects.

Review the npm package and workflow YAML before installing or running anything. Use `clawflows check` and `--dry-run` first, avoid untrusted registry workflows, and be especially careful with automations that send email, write calendar events, update databases, publish content, or enable cron scheduling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises searching, installing, running, scheduling, and publishing multi-step automations, but it does not clearly warn users that running an automation can trigger chained actions across other skills with real side effects such as database writes, external API calls, email/calendar access, log exposure, or scheduled execution. Because automations are downloaded from an external registry and can compose multiple capabilities, the absence of an explicit safety warning increases the chance that users execute workflows without understanding their effective permissions and operational impact.

VirusTotal

64/64 vendors flagged this skill as clean.
