FlowFi
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is an instruction-only FlowFi API reference, but using it with a FlowFi JWT lets an agent create, run, edit, deploy, or delete your workflows, so sensitive actions should be confirmed before they are performed.
The skill appears coherent and instruction-only, with no hidden code and no install step. Before using it, verify the FlowFi API host, provide only tokens you are comfortable letting the agent use, prefer short-lived or revocable bearer tokens, and require explicit confirmation before deploying, starting, editing, stopping, cancelling, or deleting workflows.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill and does not run runtime probes.

Finding 1: Long-lived bearer token
Risk: If a token is pasted or reused carelessly, the agent, or anyone else who obtains it, can act on the user's FlowFi resources.
Details: The skill expects a FlowFi JWT and documents creating bearer tokens valid for up to one year. This is disclosed and appropriate for the API, but it gives whoever holds the token authority over the protected FlowFi routes until the token expires or is revoked.
Evidence (SKILL.md): "The user generates a JWT ... and sends it to OpenClaw. Use that token for all API calls below. ... expiresInSeconds ... 60–31536000 (1 yr)"
Recommendation: Use the shortest practical token lifetime, verify the API host, avoid sharing tokens in unrelated chats, and revoke bearer tokens when they are no longer needed.

Finding 2: High-impact workflow mutations
Risk: A mistaken API call could activate a workflow, stop it, or permanently delete it.
Details: The API reference includes high-impact workflow mutation actions, including deployment and permanent deletion. These actions are purpose-aligned and disclosed, but they should not be performed casually or without clear user intent.
Evidence (SKILL.md): "Deploy it: `POST /workflows/:id/deploy` ... `DELETE /workflows/:id` ... Permanently removes a workflow."
Recommendation: Require explicit confirmation for deploy, start, edit, stop, cancel, and delete actions, and verify workflow IDs before calling mutation endpoints.

Finding 3: Deployment creates ongoing automation
Risk: An active workflow keeps running after the request that deployed it and can trigger actions or notifications until it is paused, stopped, undeployed, or deleted.
Details: Deployed workflows continue operating after the initial request. This is expected workflow-service behavior, not hidden persistence, but users should understand that deploying a workflow creates ongoing automation.
Evidence (SKILL.md): "Workflow becomes active and runs on its triggers/schedule."
Recommendation: Review active workflows periodically and pause, stop, or undeploy anything that should no longer run.

Finding 4: WebSocket token handling
Risk: Careless WebSocket token handling could expose a JWT, and updates pushed over the channel may persist workflow changes.
Details: The WebSocket channel is authenticated and purpose-aligned, but it carries JWTs and persistent workflow edits. A token passed in the query string is more likely to end up in proxy, server, or client logs than one sent in a structured auth field.
Evidence (SKILL.md): "Connect with JWT in handshake: `auth.token` or query `token` ... Client can push workflow edits over WebSocket."
Recommendation: Prefer `auth.token` over query-string tokens, use TLS, avoid logging tokens, and confirm any workflow update before it is sent over WebSocket.

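The confirmation gate for mutation endpoints and the handshake-token rule recommended above, as an added example of a policy layer an agent could place in front of FlowFi calls (this is not FlowFi's or ClawScan's code; only the two endpoint shapes quoted from SKILL.md are taken from the skill, while the base URL, WebSocket URL, workflow-ID format and the `planRequest`/`socketHandshake`/`redactForLog` helpers are assumptions):

```javascript
// Added example, not FlowFi's or ClawScan's code. Only the endpoint shapes quoted
// in the review are assumed; the base URL, WebSocket URL and workflow-ID format
// are placeholders that a real agent must replace with the verified FlowFi values.
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);
const WORKFLOW_ID = /^[A-Za-z0-9_-]{1,64}$/;   // assumed ID shape; tighten to FlowFi's real one
const JWT_LIKE = /^[\w-]+\.[\w-]+\.[\w-]+$/;    // three base64url segments

// Decide what to do with a request before it is sent. Pure function: the agent
// loop calls it, asks the user if the answer is "confirm", then calls it again
// with confirmed=true. Any non-GET call under /workflows counts as a mutation.
function planRequest({ method, path, body, baseUrl, token, confirmed = false }) {
  method = method.toUpperCase();
  if (!/^https:\/\/[^/?#]+$/.test(baseUrl)) {
    return { action: "refuse", reason: "base URL must be a bare https origin" };
  }
  if (!JWT_LIKE.test(token)) return { action: "refuse", reason: "token is not JWT-shaped" };
  const [, resource, id] = path.split("/");   // "/workflows/abc/deploy" -> ["", "workflows", "abc", "deploy"]
  if (MUTATING.has(method) && resource === "workflows") {
    if (id !== undefined && !WORKFLOW_ID.test(id)) {
      return { action: "refuse", reason: `malformed workflow id: ${id}` };
    }
    if (!confirmed) {
      const target = id === undefined ? "your workflows" : `workflow ${id}`;
      return { action: "confirm", prompt: `${method} ${path} will change ${target}. Proceed?` };
    }
  }
  const headers = { Authorization: `Bearer ${token}`, "Content-Type": "application/json" };
  const options = { method, headers, body: body === undefined ? undefined : JSON.stringify(body) };
  return { action: "send", request: { url: baseUrl + path, options } };
}

// Put the JWT in the handshake `auth.token` field the skill documents, never in
// the URL query string, where it would land in proxy and server access logs.
function socketHandshake(wsUrl, token) {
  const u = new URL(wsUrl);
  if (u.protocol !== "wss:") throw new Error("WebSocket URL must use wss://");
  if (u.searchParams.has("token")) throw new Error("refusing to send the JWT as a query parameter");
  return { url: u.toString(), auth: { token } };
}

// Log-safe view of a planned request: keep method and URL, drop the bearer token.
function redactForLog(request) {
  const headers = { ...request.options.headers, Authorization: "Bearer <redacted>" };
  return { url: request.url, method: request.options.method, headers };
}
```

Whatever sends the `request` object should log only `redactForLog(request)`, and a `confirm` result must go back to the user rather than being auto-approved by the agent.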
Finding 5: Limited publisher provenance
Risk: Users have little independent information with which to verify that the API docs and base URL are authoritative.
Details: The skill has no executable install path, so the supply-chain risk is limited, but the registry metadata gives little provenance for verifying the publisher or the canonical documentation.
Evidence (registry metadata): "Source: unknown; Homepage: none"
Recommendation: Confirm the FlowFi domain and official documentation before providing a JWT or making account-changing API calls.
