Monday
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: monday-workflows Version: 0.1.0 The skill bundle provides instructions for an AI agent to manage Monday.com workflows via the ClawLink integration service. The instructions in SKILL.md follow standard OAuth pairing and tool discovery patterns, emphasizing secure credential handling and requiring user confirmation for destructive actions. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the workflow is consistent with its stated purpose of using the claw-link.dev platform and the clawlink-plugin.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved actions could change boards, items, subscribers, ownership, users, or workspace settings in the connected Monday account.
The skill can call tools that modify Monday workspace/account data, but the artifact also instructs previewing and confirming high-impact writes.
Manage subscribers and ownership after confirmation ... Manage account or workspace operations with care ... Confirm high-impact writes before execution
Review previews carefully, confirm only intended changes, and be especially cautious with bulk, destructive, ownership, user, or workspace operations.
ClawLink and the OpenClaw plugin can act on the connected Monday account within the authorized permissions.
The integration relies on delegated Monday OAuth access through ClawLink, which is expected for the stated purpose but grants account authority according to the user's Monday permissions and scopes.
The page opens the add-connection panel filtered to Monday. ClawLink's hosted page runs the hosted OAuth flow — the user clicks through the monday.com login and authorization screen.
Connect only the intended Monday account/workspace, review the OAuth authorization screen, and revoke the connection if it is no longer needed.
The actual runtime behavior depends on the installed ClawLink plugin and live ClawLink tool catalog, not just this SKILL.md file.
The skill depends on a separate plugin installation. This is disclosed and central to the skill's design, but the plugin code is not part of the supplied instruction-only artifact.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the expected ClawHub source and verify ClawLink using the provided documentation or verification link before connecting accounts.
Monday account metadata, tool requests, and responses may pass through ClawLink as part of normal operation.
Monday credential handling and tool calls are routed through an external integration hub. The artifact discloses this boundary, but users should understand that ClawLink mediates access to Monday.
ClawLink ... handles hosted connection flows and credentials ... ClawLink provides tools dynamically based on what the user has connected.
Use this skill only if you trust ClawLink to handle the connected Monday account data and credentials, and review ClawLink's privacy/security information if needed.