Automation Workflows
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and benign, with expected cautions around connecting business apps and enabling automations that can keep acting on data.
Safe to treat as an instructional automation guide, but before following it, review each connected app's permissions, test workflows with low-risk data, add failure alerts, and periodically audit automations that remain enabled.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A connected automation service may be able to read or change data in the accounts the user authorizes.
The skill tells users to connect third-party accounts, which is expected for Zapier-style automation but gives the automation platform delegated access to those accounts.
**Connect your account** (authenticate via OAuth)
Review OAuth scopes, connect only necessary accounts, prefer least-privilege or dedicated service accounts where possible, and revoke unused connections.
Lead, customer, payment, or operational data could be copied into multiple services if the workflow is configured that way.
The workflow examples involve moving business or customer data between external services, which is central to the skill but worth handling carefully.
Sync data between tools (CRM ↔ email tool ↔ spreadsheet)
Limit fields to what each tool needs, avoid unnecessary sensitive data, check privacy/compliance obligations, and document where automation data flows.
An enabled workflow can keep sending messages, updating records, or triggering actions until the user disables or changes it.
The skill instructs users to enable workflows that will continue operating after setup; this persistence is purpose-aligned for automation but should be monitored.
**Turn on workflow** (Zapier calls this "turn on Zap")
Start with low-impact workflows, test before enabling, add error notifications, and periodically review or disable automations that are no longer needed.