Automation Workflows Moss
v1.0.0Design and implement automation workflows to save time and scale operations as a solopreneur. Use when identifying repetitive tasks to automate, building wor...
⭐ 0· 250·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md content describes identifying and building no-code automation workflows (Zapier, Make, n8n) and all instructions align with that purpose. Minor provenance inconsistencies exist: the repository/manifest metadata (_meta.json) uses a different ownerId, slug, and version than the registry metadata (registry shows 'automation-workflows-moss' v1.0.0; _meta.json shows 'automation-workflows' v0.1.0). This is not a functional mismatch but reduces confidence in source integrity.
Instruction Scope
Instructions stay within scope: they walk through auditing tasks, selecting a tool, designing, building, testing, and maintaining workflows. They explicitly reference authenticating accounts via standard OAuth to the third-party automation tools (expected). There are no instructions to read local system files, environment variables, or to send data to unexpected endpoints.
Install Mechanism
There is no install specification and no code files — the skill is instruction-only. That minimizes on-disk attack surface and makes the install mechanism low-risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guide advises connecting third-party accounts via OAuth when implementing automations, which is appropriate and proportional for its stated purpose.
Persistence & Privilege
The skill does not request always:true or any elevated persistence. It is user-invocable and can be invoked autonomously by the agent (platform default) but does not request persistent system changes.
Scan Findings in Context
[no-findings] expected: The regex-based scanner found no code to analyze because this is an instruction-only skill (only SKILL.md and _meta.json present). No suspicious patterns were detected.
Assessment
This skill appears to be a straightforward how-to playbook for no-code automation and is internally coherent; however, there is no homepage and the embedded _meta.json metadata differs from the registry entry (ownerId/slug/version mismatch), so verify the skill's provenance before installing. If you proceed: (1) grant OAuth access only with minimal scopes (use read-only where possible and avoid giving full admin keys), (2) test automations with dummy/test accounts and data, (3) avoid exposing sensitive customer data to new automations until you confirm field mappings and error handling, and (4) prefer tools/accounts you control (e.g., a separate Zapier workspace or self-hosted n8n) so you can revoke access if needed.Like a lobster shell, security has layers — review code before you run it.
latestvk971pp6h9m59cbs7rjpr951gy182x5m5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.