Back to skill

Security audit

Clawflows

Security checks across malware telemetry and agentic risk

Overview

Clawflows is a disclosed automation runner, but it can install and run external workflows that may use other skills to change data, send messages, or run on a schedule.

Install only if you are comfortable trusting the `clawflows` npm CLI and the automations you choose from its registry. Before running a workflow, inspect the downloaded YAML, run `clawflows check`, use `--dry-run`, and be especially cautious with automations that send email, modify calendars or databases, access accounts, publish content, or enable scheduled execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill explicitly helps users search, install, and run third-party automations that can invoke multiple other skills, including capabilities for database access, email, calendar, network search, and scheduling, yet it provides no prominent safety warning about side effects or trust boundaries. That omission is dangerous because users may treat an automation as a simple workflow artifact when it can actually trigger data access, writes, external network actions, and recurring scheduled execution through whatever underlying skills are available on the host agent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.