v1.0.0

Clawflows

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

Clawflows is a disclosed workflow runner, but it deserves review because it can install and run external automations that chain other skills and potentially perform high-impact actions.

Guidance: Treat this as installing a workflow marketplace/orchestrator. Use it only with automations you trust, inspect downloaded YAML files, run checks and dry-runs first, and be especially careful with workflows that send email, write calendars, update databases, or run on a schedule.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
"Search, install, and run multi-skill automations ... with logic, conditions, and data flow between steps"; standard capabilities include "calendar | Read/write events" and "email | Send/receive email".

The skill's core function is to execute workflows that chain other tools/capabilities, including ones that can mutate user data or send messages.

User impact: A workflow could use installed skills to update databases, read or write calendar events, send email, or move data between steps if the user runs it.
Recommendation: Before running an automation, inspect the downloaded YAML, run `clawflows check` and `clawflows run ... --dry-run`, and require explicit approval for workflows that write data, send messages, or use sensitive accounts.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
`npm i -g clawflows`; `clawflows install youtube-competitor-tracker` downloads to `./automations/youtube-competitor-tracker.yaml`.

The skill depends on an external npm package and external registry-provided automation definitions. That is purpose-aligned, but it makes package and workflow provenance important.

User impact: If the CLI package or a downloaded automation is untrusted, it could drive the workflow runner toward unintended actions.
Recommendation: Install only from the expected npm/GitHub source, review downloaded automation YAML before running it, and prefer trusted or reviewed automations.
Cascading Failures
Severity: Low | Confidence: High | Status: Note
SKILL.md
`capture: videos` followed by `method: upsert` with `data: "${videos}"`.

The example shows outputs from one step being reused by later steps, including a database write. This is normal for workflows, but bad or unexpected upstream data can propagate.

User impact: An incorrect or manipulated earlier step could affect later writes, messages, or other automated actions.
Recommendation: Use dry-run mode and inspect intermediate data before allowing workflows to write to databases, calendars, email, or other durable systems.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
`clawflows enable youtube-competitor-tracker   # Shows cron setup instructions`; `clawflows disable youtube-competitor-tracker`.

The skill documents a scheduling path that can make automations recur through cron, although it is presented as user-directed and includes a disable command.

User impact: A scheduled automation could continue running after the initial setup and repeat any workflow actions on a timer.
Recommendation: Enable scheduling only for trusted automations, keep track of any cron entries created, and disable schedules that are no longer needed.