Zapier

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Install only if you intend the agent to help with Zapier automation. Keep Zapier tokens scoped and private, review any Zap before it is enabled, require confirmation for live sends/updates/deletes, and avoid storing secrets or sensitive customer data in the Zapier memory file. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used without review, the agent could send messages or perform other Zapier-connected actions the user did not intend.

Why it was flagged

The skill documents remote Zapier action execution through natural-language instructions, which is purpose-aligned but can trigger real actions in connected services.

Skill content

Execute AI Action ... "instructions": "Send a Slack message to #general saying Hello" ... "https://actions.zapier.com/api/v1/run/ACTION_ID/"

Recommendation

Use test mode first and require explicit user approval before running AI Actions, enabling Zaps, or performing write/delete operations.

What this means

A Zapier token may allow listing, changing, or running automations that affect business data and third-party accounts.

Why it was flagged

The skill requires Zapier credentials, which are expected for Zapier automation but can grant access to account workflows and connected app automations.

Skill content

`ZAPIER_API_KEY` — API key from zapier.com/developer/platform; `ZAPIER_TABLES_TOKEN` — Tables API token

Recommendation

Use the least-privileged Zapier token available, keep tokens out of prompts and memory files, and confirm account-impacting actions.

What this means

Incorrect or sensitive information stored in memory could be reused in later automation suggestions.

Why it was flagged

The skill keeps persistent context about the user's apps, workflows, plan, and preferences, which is useful but can influence future behavior.

Skill content

Save integration preference to their main workspace memory. ... In ~/zapier/memory.md: Apps they use ... Common workflows ... Zapier plan ... API access level

Recommendation

Review the memory file periodically and do not store API keys, secrets, customer data, or other sensitive details there.

What this means

Mapped fields may leave the local environment and be processed by Zapier or connected services.

Why it was flagged

The skill clearly discloses that workflow data may be sent through Zapier to connected third-party apps.

Skill content

This skill sends data to Zapier (zapier.com) and any apps you connect through Zaps.

Recommendation

Only map the fields needed for each workflow, avoid sending secrets or unnecessary personal data, and verify destination apps before enabling a Zap.