Automation Workflows Local
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only automation playbook that is broadly coherent, but users should carefully approve any connected-account workflows before enabling them.
This skill appears safe to install as an instruction-only guide. Before using it to build real automations, review each trigger and action, use least-privilege account connections, test carefully, and add human approval for workflows that affect money, customers, public posts, or important business records.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured automation could update the wrong spreadsheet, CRM, email list, invoice, or task system.
The skill instructs users to configure and enable automation actions in external tools. This is purpose-aligned, but incorrect mappings or triggers could mutate records or send messages unintentionally.
Add action ... Test action ... Turn on workflow
Use test data or a sandbox where possible, verify every trigger/action mapping, and require human approval before enabling workflows that affect customers, finances, or public channels.
Connected automation tools may be able to read or change data in linked services depending on granted permissions.
The skill expects users to connect third-party accounts through automation platforms. This is normal for the stated purpose, but it delegates account authority to those platforms and workflows.
Connect your account (authenticate via OAuth)
Grant the minimum necessary OAuth scopes, use dedicated service accounts where available, and periodically review or revoke unused app connections.
Lead, customer, or business data could be copied into additional services if fields are over-shared.
The playbook encourages moving business data among multiple SaaS tools. This is expected for automation, but it creates third-party data-flow and boundary considerations.
Sync data between tools (CRM ↔ email tool ↔ spreadsheet)
Limit transferred fields to what each workflow needs, avoid unnecessary personal data, and confirm each service's retention and privacy settings.
One incorrect form submission or mapping error could create bad records, send unwanted emails, and generate follow-up tasks.
The example chains several actions across services. The skill includes testing and error-handling advice, but multi-step automations can propagate one bad trigger or bad input across several systems.
Step 1: Add lead to CRM ... Step 2: Send welcome email ... Step 3: Create task ... Step 4: Send me a Slack notification
Add filters, deduplication, rate limits, error notifications, and a manual review step for high-impact workflows.
The publisher/package identity is slightly ambiguous, which may matter for trust or version tracking.
The embedded metadata differs from the supplied registry metadata, which lists slug 'automation-workflows-local' and version '1.0.0'. With no code present this is a low-impact provenance note rather than evidence of unsafe behavior.
"slug": "automation-workflows", "version": "0.1.0"
Confirm the intended publisher and version if provenance is important before relying on the skill.