Clawflows
Review
Audited by ClawScan on May 10, 2026.
Overview
Clawflows is a workflow runner whose purpose is disclosed, but it can install and execute external multi-skill automations that may act through powerful skills such as database, calendar, and email, without clearly documented per-step approval boundaries.
Install only if you are comfortable with a workflow runner that can execute automations from an external registry through your other skills. Before running any automation, inspect the YAML, check required capabilities, use dry-run, and be especially careful with workflows that send email, write calendar events, update databases, publish content, or enable scheduling.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A workflow from the registry could cause the agent to write to databases, calendars, email, or other connected services if the necessary skills are installed.
The skill is designed to download workflow definitions and execute them through other skills, including capabilities that can write data or act on accounts. The artifact documents optional `--dry-run` but not mandatory per-step confirmation or capability limits.
`clawflows install youtube-competitor-tracker` ... Downloads to `./automations/youtube-competitor-tracker.yaml`; `clawflows run youtube-competitor-tracker`; capabilities include `database`, `calendar`, and `email`.
Inspect automation YAML before running it, use `clawflows check` and `--dry-run` first, and require explicit user approval for workflows that send messages, write data, or use account-connected skills.
A single faulty or malicious automation step could trigger incorrect downstream actions across files, databases, accounts, or other skills.
The workflow model passes outputs from one step into later steps, including write operations. Bad, unexpected, or untrusted data from an earlier step could propagate into later actions.
“Combine multiple skills into powerful workflows with logic, conditions, and data flow between steps.” Example: `capture: videos` followed by `method: upsert` with `data: "${videos}"`.
Prefer dry runs, inspect data flow between steps, and avoid running workflows that feed untrusted data into write, publish, send, or delete actions without review.
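The first two findings both come down to the same pre-run inspection: which skills and capabilities a workflow touches, which steps write or act on accounts, and where data captured by an earlier step flows into those writes. The script below performs that inspection over a parsed definition. It is an added example written for this review, not Clawflows' own code, and the step schema it assumes (a `capabilities` list, steps with `skill`, `method`, an optional `capture`, and `${name}` references in parameters) is reconstructed from the fragments quoted above; the method names treated as writes and the sample workflow are assumptions as well.

```python
import re
from typing import Any

# Assumed method names that write, send, publish or delete through a skill.
WRITE_METHODS = {"upsert", "insert", "update", "delete", "remove",
                 "send", "create", "publish", "write"}

# Standard capabilities named in the review that act on the user's accounts.
ACCOUNT_CAPABILITIES = {"database", "calendar", "email"}

VAR_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def _refs(value: Any) -> set[str]:
    """Collect every ${name} reference nested anywhere in a step's parameters."""
    if isinstance(value, str):
        return set(VAR_REF.findall(value))
    if isinstance(value, dict):
        return set().union(*(_refs(v) for v in value.values()))
    if isinstance(value, list):
        return set().union(*(_refs(v) for v in value))
    return set()


def audit_workflow(workflow: dict) -> dict:
    """Static pre-run audit of one parsed automation definition.

    Reports which steps write or act on accounts, which of those consume
    data captured by an earlier step (taint flow), and which skills a step
    uses without the workflow declaring the capability.
    """
    declared = set(workflow.get("capabilities") or [])
    origin: dict[str, str] = {}          # captured variable -> producing skill
    undeclared, writes, tainted, account_skills = [], [], [], set()

    for idx, step in enumerate(workflow.get("steps") or [], start=1):
        skill, method = step.get("skill"), step.get("method")
        params = {k: v for k, v in step.items()
                  if k not in ("name", "skill", "method", "capture")}

        if skill and skill not in declared:
            undeclared.append((idx, skill))
        if skill in ACCOUNT_CAPABILITIES:
            account_skills.add(skill)
        if method in WRITE_METHODS:
            writes.append((idx, skill, method))
            upstream = sorted({origin[v] for v in _refs(params) if v in origin})
            if upstream:
                tainted.append((idx, skill, method, upstream))
        # Only later steps can read this capture, so record it after the checks.
        if step.get("capture"):
            origin[step["capture"]] = skill

    return {
        "undeclared_skills": undeclared,
        "write_steps": writes,
        "tainted_writes": tainted,
        "account_skills_used": sorted(account_skills),
        "needs_approval": bool(writes or account_skills),
    }


def load_workflow(path: str) -> dict:
    """Load a YAML definition. PyYAML is imported lazily so the audit itself
    has no third-party dependency (assumption: PyYAML is available)."""
    import yaml
    with open(path, encoding="utf-8") as f:
        return yaml.safe_load(f)


# Constructed sample (not a real registry workflow): one read step feeds three
# write steps, and the calendar step uses a capability the file never declares.
SAMPLE_WORKFLOW = {
    "name": "example-tracker",
    "capabilities": ["youtube", "database", "email"],
    "steps": [
        {"name": "fetch", "skill": "youtube", "method": "search",
         "query": "competitor channel", "capture": "videos"},
        {"name": "store", "skill": "database", "method": "upsert",
         "table": "videos", "data": "${videos}"},
        {"name": "notify", "skill": "email", "method": "send",
         "to": "me@example.com", "body": "New uploads: ${videos}"},
        {"name": "remind", "skill": "calendar", "method": "create",
         "title": "Review ${videos}"},
    ],
}

if __name__ == "__main__":
    for key, value in audit_workflow(SAMPLE_WORKFLOW).items():
        print(f"{key}: {value}")
```

Run it against `./automations/<name>.yaml` after `clawflows install` and before `clawflows run`. Any non-empty `tainted_writes` entry is a step where content fetched from outside (here a search result) is written to a database, sent by email, or placed on a calendar without anything in between that a human approved; those are the steps to read by hand or to gate behind `--dry-run` and explicit confirmation.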
Running an automation may use credentials already configured for other skills, such as email or calendar access.
The skill itself declares no primary credential, but automations may invoke other installed skills that use the user's account privileges. This is expected for an orchestrator, but it crosses permission boundaries.
Standard capabilities include `calendar` “Read/write events” and `email` “Send/receive email”.
Only run automations from sources you trust, and confirm which connected skills and accounts each automation will use.
The reviewed SKILL.md does not show the actual runtime behavior of the installed CLI package.
The skill installs an external npm CLI package, and the provided artifact set contains no CLI source code for review. This is central to the stated purpose, but users are relying on package and registry provenance.
node | package: clawflows | creates binaries: clawflows
Verify the npm package, publisher, and source repository before installing, and consider pinning a trusted version.
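Since the artifact set contains no CLI source, the concrete check a practitioner can do before installing is to fetch the exact tarball with `npm pack clawflows@<version>` (a real npm command that downloads without installing), read its `package/package.json`, and compare what it declares against the review above: the binaries it creates, any install-time lifecycle scripts, and the repository it claims to come from, which can then be cross-checked with `npm view clawflows repository.url maintainers`. The helper below does the manifest part. It is an added example written for this review, not Clawflows' tooling, and the manifest it parses is a constructed illustration rather than the real package's `package.json`.

```python
import json
import tarfile

# npm lifecycle hooks that run automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def audit_manifest(manifest: dict, expected_bins: set[str]) -> dict:
    """Summarise the supply-chain-relevant parts of a package.json.

    expected_bins is what the review artifact says the package should create
    (for this skill, {"clawflows"}); anything beyond that is worth a look.
    """
    scripts = manifest.get("scripts") or {}
    bins = manifest.get("bin") or {}
    if isinstance(bins, str):                 # "bin": "cli.js" shorthand form
        bins = {manifest.get("name", ""): bins}
    repo = manifest.get("repository")
    if isinstance(repo, dict):
        repo = repo.get("url")
    name, version = manifest.get("name"), manifest.get("version")
    return {
        "name": name,
        "version": version,
        "install_hooks": {k: scripts[k] for k in INSTALL_HOOKS if k in scripts},
        "bins": sorted(bins),
        "unexpected_bins": sorted(set(bins) - expected_bins),
        "repository": repo,
        "has_repository": bool(repo),
        # Exact pin to use instead of a bare package name or a range.
        "exact_install_spec": f"{name}@{version}",
    }


def load_manifest_from_tarball(path: str) -> dict:
    """Read package/package.json from a tarball produced by `npm pack`."""
    with tarfile.open(path, "r:gz") as tar:
        member = tar.extractfile("package/package.json")
        if member is None:
            raise ValueError("tarball has no package/package.json")
        return json.load(member)


# Constructed manifest for illustration only; not the real clawflows package.json.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "example-workflow-cli",
  "version": "1.4.2",
  "bin": {"clawflows": "bin/cli.js", "wfhelper": "bin/helper.js"},
  "scripts": {"test": "node test.js", "postinstall": "node scripts/setup.js"},
  "repository": {"type": "git", "url": "https://example.invalid/org/repo.git"}
}
""")

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST, expected_bins={"clawflows"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty `install_hooks` means code runs on the installing machine before the CLI is ever invoked, so read those scripts in the extracted tarball; an extra binary or a missing repository field is a reason to compare the tarball contents against the source repository before installing with the `exact_install_spec` pin.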
If scheduling is enabled, automations may run repeatedly without a fresh manual command each time.
The skill supports scheduled recurring execution through cron instructions. The behavior is disclosed and disabling is documented, but once scheduled, workflows keep acting after the initial setup without a fresh manual command.
`clawflows enable youtube-competitor-tracker # Shows cron setup instructions`; `clawflows disable youtube-competitor-tracker`
Review any cron setup before enabling it, keep a list of scheduled automations, and disable schedules that are no longer needed.
