Flowtriq - anti-DDoS attack integration
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: flowtriq Version: 1.0.0 The Flowtriq skill bundle is designed for monitoring and managing DDoS protection infrastructure via the flowtriq.com API. It is classified as suspicious because the `GET /v1/agent/config` endpoint (documented in SKILL.md and references/api-endpoints.md) retrieves a `pending_commands` field containing raw shell commands (e.g., `iptables` rules) from a remote server. While the instructions advise the agent to surface these for user review rather than executing them automatically, the capability to fetch and potentially prompt the execution of remote-sourced code constitutes a high-risk RCE (Remote Code Execution) surface. Additionally, the skill includes functionality for uploading PCAP files (`POST /v1/agent/pcap`), which is a high-risk data exfiltration vector, although both behaviors are plausibly aligned with the stated purpose of DDoS mitigation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing it must trust the agent with a Flowtriq API key for the configured node.
The skill requires Flowtriq credentials and a node identifier to call authenticated APIs. This is expected for the stated integration, but it grants access to operational DDoS-monitoring data and any privileges attached to the key.
Requires FLOWTRIQ_API_KEY and FLOWTRIQ_NODE_UUID env vars. ... Authorization: Bearer $FLOWTRIQ_API_KEY ... X-Node-UUID: $FLOWTRIQ_NODE_UUID
Use a scoped, revocable Flowtriq key if available, limit it to the intended node, and rotate it if the skill is removed or no longer trusted.
If used carelessly, the agent could create or modify Flowtriq records or upload sensitive network-capture files.
The reference includes write-capable API operations, including node registration, incident creation/update, and PCAP upload. These fit a DDoS-management workflow but can change account state or send packet captures.
### POST /api/deploy Register a new node. ... ### POST /v1/agent/incident Opens or updates an active incident. ... ### POST /v1/agent/pcap Upload a PCAP file.
Require explicit user confirmation before any POST action, especially node registration, incident updates, or PCAP upload.
Users cannot tell from the metadata whether this was published by Flowtriq or a trusted maintainer.
The skill has no code to install or execute, but its provenance is not clearly tied to an official Flowtriq source.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify the skill publisher and Flowtriq endpoint before adding credentials.