Skill v1.0.0

ClawScan security

Automation Workflows Moss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 3:40 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is instruction-only and its requirements/behavior are consistent with an automation-playbook for no-code tools; there is no code, no installers, and no requested secrets — but the package metadata in _meta.json differs from the registry metadata and the skill has no homepage, so verify provenance before installing.
Guidance
This skill appears to be a straightforward how-to playbook for no-code automation and is internally coherent; however, there is no homepage and the embedded _meta.json metadata differs from the registry entry (ownerId/slug/version mismatch), so verify the skill's provenance before installing. If you proceed: (1) grant OAuth access only with minimal scopes (use read-only where possible and avoid giving full admin keys), (2) test automations with dummy/test accounts and data, (3) avoid exposing sensitive customer data to new automations until you confirm field mappings and error handling, and (4) prefer tools/accounts you control (e.g., a separate Zapier workspace or self-hosted n8n) so you can revoke access if needed.
Findings
[no-findings] expected: The regex-based scanner found no code to analyze because this is an instruction-only skill (only SKILL.md and _meta.json present). No suspicious patterns were detected.

Review Dimensions

Purpose & Capability
[note] The SKILL.md content describes identifying and building no-code automation workflows (Zapier, Make, n8n) and all instructions align with that purpose. Minor provenance inconsistencies exist: the repository/manifest metadata (_meta.json) uses a different ownerId, slug, and version than the registry metadata (registry shows 'automation-workflows-moss' v1.0.0; _meta.json shows 'automation-workflows' v0.1.0). This is not a functional mismatch but reduces confidence in source integrity.
Instruction Scope
[ok] Instructions stay within scope: they walk through auditing tasks, selecting a tool, designing, building, testing, and maintaining workflows. They explicitly reference authenticating accounts via standard OAuth to the third-party automation tools (expected). There are no instructions to read local system files, environment variables, or to send data to unexpected endpoints.
Install Mechanism
[ok] There is no install specification and no code files — the skill is instruction-only. That minimizes on-disk attack surface and makes the install mechanism low-risk.
Credentials
[ok] The skill declares no required environment variables, credentials, or config paths. The guide advises connecting third-party accounts via OAuth when implementing automations, which is appropriate and proportional for its stated purpose.
Persistence & Privilege
[ok] The skill does not request always:true or any elevated persistence. It is user-invocable and can be invoked autonomously by the agent (platform default) but does not request persistent system changes.