Flowtriq - anti-DDoS attack integration
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing it must trust the agent with a Flowtriq API key for the configured node.
The skill requires Flowtriq credentials and a node identifier to call authenticated APIs. This is expected for the stated integration, but it grants access to operational DDoS-monitoring data and any privileges attached to the key.
Requires FLOWTRIQ_API_KEY and FLOWTRIQ_NODE_UUID env vars. ... Authorization: Bearer $FLOWTRIQ_API_KEY ... X-Node-UUID: $FLOWTRIQ_NODE_UUID
Use a scoped, revocable Flowtriq key if available, limit it to the intended node, and rotate it if the skill is removed or no longer trusted.
If used carelessly, the agent could create or modify Flowtriq records or upload sensitive network-capture files.
The reference includes write-capable API operations, including node registration, incident creation/update, and PCAP upload. These fit a DDoS-management workflow but can change account state or send packet captures.
### POST /api/deploy Register a new node. ... ### POST /v1/agent/incident Opens or updates an active incident. ... ### POST /v1/agent/pcap Upload a PCAP file.
Require explicit user confirmation before any POST action, especially node registration, incident updates, or PCAP upload.
Users cannot tell from the metadata whether this was published by Flowtriq or a trusted maintainer.
The skill has no code to install or execute, but its provenance is not clearly tied to an official Flowtriq source.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the skill publisher and Flowtriq endpoint before adding credentials.