Loom Workflow Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Loom-analysis purpose, but it ships signed Loom video URLs and can generate executable browser/email workflows without robust approval or escaping.
Install only if you trust the publisher and are comfortable reviewing generated automation before running it. Remove the bundled test-output data, use approved tools/providers for transcription and vision analysis, redact sensitive frames, and run generated .lobster files only after manual review and a dry run.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the package could see metadata for a real Loom recording and, if the links are still valid, potentially access media from it.
The package includes a test output file containing signed Loom/CDN media URLs. Policy, Signature, and Key-Pair-Id query strings are bearer-style access links and do not need to be shipped with the skill.
"url": "https://luna.loom.com/...mediaplaylist-audio.m3u8?Policy=...&Signature=...&Key-Pair-Id=APKAJQIC5BGSW7XXK7FQ"
Remove test-output files containing signed URLs, rotate or expire any exposed links if possible, and add packaging rules so generated Loom metadata is never published.
A generated workflow could send messages or perform browser/account actions when run if the analysis marks the step as routine rather than ambiguous.
The generator can emit an executable message-send command, but approval is only added for input-required, ambiguous, or decision-point steps. External actions are not unconditionally gated.
if "send" in action:
    return "openclaw.invoke --tool message --action send --args-json '${email_params}'"
...
if step.get("requires_input") or step.get("ambiguities"):
    lobster_step["approval"] = "required"
Require approval for every browser, email, message, posting, deletion, or other external side-effecting command, and make generated workflows dry-run or TODO-only until explicitly reviewed.
A crafted or mistaken analysis value containing quotes or shell metacharacters could alter the generated command if the .lobster file is later executed.
The ui_element value comes from analysis JSON derived from video/LLM output and is interpolated directly into a shell-like command string without JSON or shell escaping.
return f"openclaw.invoke --tool browser --action act --args-json '{{\"kind\": \"click\", \"ref\": \"{ui_element}\"}}'"
Build commands with structured arguments, use json.dumps and shell-escaping where needed, validate fields from analysis JSON, and tell users not to run generated workflows before review.
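As an added example (not code from the skill or from ClawScan) of the structured-arguments and unconditional-approval approach the two recommendations above describe, the following Python assumes the tool names shown in the snippets, a dict-valued email_params, and a made-up .lobster step schema:

```python
import json
import shlex

# Tool names come from the page's snippets; the .lobster step schema
# ({"command": ..., "approval": ...}) is assumed for this example.
SIDE_EFFECTING_TOOLS = {"browser", "message"}

def build_command(tool, action, args):
    """json.dumps builds --args-json and shlex.quote wraps it, so quotes or
    shell metacharacters inside a field stay inside that one argument."""
    for name in (tool, action):
        if not name.isidentifier():
            raise ValueError(f"unexpected tool/action name: {name!r}")
    args_json = json.dumps(args, separators=(",", ":"))
    return (f"openclaw.invoke --tool {tool} --action {action} "
            f"--args-json {shlex.quote(args_json)}")

def to_lobster_step(step):
    """Convert one analysis step (untrusted JSON) into a .lobster step."""
    action = step.get("action", "")
    if "click" in action:
        ref = step.get("ui_element")
        if not isinstance(ref, str) or not ref:
            raise ValueError("ui_element must be a non-empty string")
        tool = "browser"
        cmd = build_command(tool, "act", {"kind": "click", "ref": ref})
    elif "send" in action:
        params = step.get("email_params")
        if not isinstance(params, dict):
            raise ValueError("email_params must be a JSON object")
        tool = "message"
        cmd = build_command(tool, "send", params)
    else:
        # Unrecognised steps become TODO notes, never executable lines.
        return {"todo": action, "approval": "required"}
    lobster = {"command": cmd}
    # Gate on the tool's side effects, not only on the analysis flags.
    if (tool in SIDE_EFFECTING_TOOLS or step.get("requires_input")
            or step.get("ambiguities")):
        lobster["approval"] = "required"
    return lobster

def parse_args_json(command):
    """Split the line as a POSIX shell would and decode --args-json."""
    tokens = shlex.split(command)
    return json.loads(tokens[tokens.index("--args-json") + 1])

# Constructed analysis step whose ui_element carries a quote and metacharacters.
CRAFTED_STEP = {"action": "click Save", "ui_element": "Save'; echo hijacked; '"}
```

Running to_lobster_step(CRAFTED_STEP) yields a command whose --args-json argument survives a POSIX split intact and an approval flag that does not depend on the analysis marking the step ambiguous.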
Screenshots, transcripts, customer data, credentials shown on screen, or internal process details may be shared with the chosen model provider.
The workflow explicitly sends extracted screen-recording frames and the generated prompt to a vision-capable LLM. This is expected for the skill, but the frames may contain sensitive business data.
cat output/workflow-analysis-prompt.md | claude --images output/frames/*.jpg
Use an approved model provider, redact sensitive frames when possible, and review the output directory before attaching images to an external model.
The skill may fail to run as documented or cause users/agents to improvise dependency installation outside the reviewed artifacts.
The registry metadata under-declares setup: SKILL.md lists yt-dlp, ffmpeg, whisper, and a vision-capable LLM, while the quick start references a scripts/loom-workflow wrapper that is not in the manifest.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Declare all required binaries and Python packages, include or remove the referenced wrapper, and document trusted installation sources.
