ClawHub

FlowFi

v1.0.3

REST API instructions for FlowFi—authorization, smart accounts, workflows (AI generate, edit, deploy, undeploy, delete, pause, resume, stop), execution (list...

0· 791·0 current·0 all-time
by@devarogundade
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe a REST/WebSocket API for workflow management; the files only contain API docs and example endpoints. There are no unrelated binaries, installs, or credentials requested, so required resources are proportionate to the stated purpose.
Instruction Scope
SKILL.md and the docs restrict actions to calling FlowFi REST endpoints and WebSocket messages using a user-supplied JWT. The instructions do not direct reading local files, environment variables, or other system state, nor do they instruct exfiltration to unexpected endpoints. They do allow writing changes to the backend (e.g., deploy, delete, clone, workflow:update) which is expected for this API.
Install Mechanism
No install spec and no code files — this is instruction-only and nothing is written to disk or downloaded during install.
Credentials
The skill declares no required env vars or credentials. It expects the user to supply a JWT for protected routes, which is appropriate for an API-integration doc. No unrelated secrets or multiple unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does describe API actions that are destructive (delete, deploy, clone) but those are legitimate parts of the described API and operate against the remote backend only.
Assessment
This doc-only skill appears to be a straightforward API reference. Before using it, only provide a JWT you trust and understand the token's scope/expiry (prefer short-lived or scoped tokens). Be aware that many endpoints are destructive (DELETE /workflows/:id, POST /workflows/:id/deploy, POST /templates/:id/clone, WebSocket workflow:update) so any automated agent using this skill can change or remove workflows on your backend. Confirm the correct base URL for your environment (docs show different example domains) and avoid handing over tokens with broad/long-lived permissions unless you intend the agent to operate with those privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk974635daegmrbnpbrkdw3x4t5818mp5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments