ARG Action Chain Designer
PassAudited by ClawScan on May 8, 2026.
Overview
The visible artifacts describe an instruction-only workflow-design helper with no code or credential requirement, but users should review any generated commands or credentialed workflow steps before using them.
Based on the visible artifacts, this looks safe to install as an instruction-only design skill. Before using any generated ARG chain, manually review commands, scripts, API steps, schedules, and external actions; keep human approval for irreversible or public-facing actions. The submitted SKILL.md view is truncated, so review the complete file if available before installation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated action chain may include shell commands or scripts that a user or agent later executes.
The skill can design workflows that include commands or scripts. This is central to its purpose, but those generated commands could affect files or systems if later run without review.
Validation gates: commands, schema checks, checklist gates, or human review gates.
Review generated commands and scripts before running them, especially if they modify files, call external services, or perform irreversible actions.
Users could accidentally include real secrets or overbroad access details in a generated workflow design.
The skill may ask the user to account for credentials or external-system access when designing a workflow. The artifacts do not show credential collection or transmission, but this is sensitive information to handle carefully.
Inputs: files, APIs, user context, credentials, schedules, or external systems.
Describe credential requirements by type and scope rather than pasting secret values; use least-privilege credentials and approved secret storage for any workflow that later runs.