Quack Workflow Engine
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent, but it can send workflow files to an external service and includes a workflow that posts generated web-search content to Twitter without clear approval or account-scope safeguards.
Review workflow files before running them, especially any workflow that posts, deletes, purchases, or changes external-account data. Treat Orchestrate as an external service that may receive your workflow contents and use linked accounts, and require a manual approval step before public posting.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A workflow file can cause remote actions to run, including high-impact actions if the remote platform supports them.
The runner submits the selected workflow file directly to the remote execution API without local validation, action allowlisting, or a confirmation gate before execution.
const content = await readFile(workflowPath, 'utf8'); ... const res = await fetch(`${BASE_URL}/api/v1/workflows/run`, { method: 'POST', ... body: content });
Add explicit confirmation for mutating/public actions, validate allowed workflow actions, and make dry-run or preview the default for risky workflows.
Bad or manipulated web content could be transformed into a public post under the user's connected account.
The template chains untrusted web-search output into an LLM summary and then into a social-media post, with no shown human review or containment step.
action: web_search ... prompt: "Summarize these search results into a concise social media post: {{research.output}}" ... action: social_post ... text: "{{summarize.output}}"
Insert a mandatory review/approval step between generated content and posting, and treat web-search results as untrusted input.
Users may not know which account will be used or what permissions the remote workflow service has when posting.
Posting to Twitter implies delegated social-account authority, but the artifacts do not declare which credential, account, or permission scope is used.
action: social_post ... platform: twitter
Document required Orchestrate and social-account credentials, account-linking behavior, permission scopes, and revocation steps.
Sensitive information placed in a workflow file may be shared with Orchestrate and any downstream providers it uses.
The selected workflow YAML is sent to an external orchestration provider. This is purpose-aligned, but prompts, inputs, or embedded data in the workflow leave the local environment.
const BASE_URL = 'https://orchestrate.us.com'; ... body: content
Avoid putting secrets or private data in workflow YAML unless the provider's data handling is acceptable; document downstream data sharing.
Users have less registry-level context for verifying the provider and may hit an undeclared runtime requirement.
The skill has limited provenance metadata and under-declares the Node runtime required by the documented command. No hidden install code or dependency download is shown.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Declare the source/homepage and Node runtime requirement, and verify the Orchestrate provider before using workflows with sensitive or public effects.
