Clawhub
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is a coherent OctoFlow integration, but users should grant its optional file, network, execution, and MCP access narrowly.
Before installing, verify the OctoFlow binary source. When using it, grant only the minimum needed permissions, avoid broad `--allow-read=.` or `--allow-write=.` unless appropriate, and enable the MCP server only for trusted agent clients.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require trusting the OctoFlow executable from GitHub Releases.
The skill relies on downloading and running an external prebuilt binary. That is expected for this CLI-focused skill, but the binary source should be trusted.
kind: download
url: https://github.com/octoflow-lang/octoflow/releases/download/v1.5.8/
bins: [octoflow]
Download only from the official project release, verify the version, and avoid unofficial mirrors.
A poorly specified or mistaken prompt could run unintended OctoFlow computations, especially if extra permissions are granted.
The skill is explicitly designed to turn natural language into executable OctoFlow programs. This is central to its purpose, but users should recognize that it runs generated code.
Chat mode (natural language to running code)
```bash
octoflow chat "sort 1M numbers on GPU"
```
Review the task and permission flags before running generated code, and avoid granting permissions that are not needed.
If used as written, OctoFlow may read or write anywhere in the current directory rather than only the intended files.
The examples show broad current-directory read and write permissions. They are user-directed and purpose-aligned, but broader than necessary for many tasks.
octoflow chat "load sales.csv, compute monthly averages, and plot the trend" --allow-read=.
...
octoflow chat "load photo.bmp, apply gaussian blur, save as blurred.bmp" --allow-read=. --allow-write=.
Prefer narrow paths such as `--allow-read=./data` and `--allow-write=./output` instead of `.` when possible.
Configured AI clients may be able to ask OctoFlow to execute code through MCP.
The skill documents an MCP server that lets agent clients invoke OctoFlow execution tools. This is disclosed and aligned with the integration purpose.
OctoFlow can run as an MCP server for AI agent integration:
```bash
octoflow mcp-serve
```
...
`octoflow_run` | Execute OctoFlow code directly
Enable the MCP server only for trusted clients and keep OctoFlow permissions scoped to the task.
Project or user preferences may persist across sessions and could influence later OctoFlow behavior.
The skill discloses persistent user-level and project-level state. Persistence is not inherently unsafe, but users should know it can affect future runs.
OctoFlow optionally saves your preferences to `~/.octoflow/` (user-level) and `.octoflow/` (per-project).
Review `.octoflow/` settings in untrusted projects and remove stored preferences if behavior is unexpected.
