Skill v1.1.0
ClawScan security
Power Automate Debug · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 4:51 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are coherent with its stated purpose: it uses a FlowStudio MCP JWT to call the FlowStudio MCP API to read and (optionally) update Power Automate flows.
- Guidance: This skill appears to do what it says: call FlowStudio MCP to inspect and (optionally) update Power Automate flows. Before installing or enabling it: 1) Confirm you trust FlowStudio (https://mcp.flowstudio.app) and that the FLOWSTUDIO_MCP_TOKEN you provide is from a trusted source. 2) Prefer a token scoped for the minimum needed permissions (read-only for diagnostics, separate write token for fixes) and with an expiration when possible. 3) Be mindful the skill includes steps that update and resubmit flows — only allow those actions if you trust the agent's capabilities and the token's privileges. 4) Because the skill is instruction-only, it won't install local binaries, but the agent will make network calls to the external MCP endpoint; verify network governance and audit logs on the FlowStudio side. 5) If you want stricter control, require the agent to present proposed changes for manual approval before calling update_live_flow/resubmit_live_flow.
Review Dimensions
- Purpose & Capability (ok): The skill declares a single env var, FLOWSTUDIO_MCP_TOKEN, and all runtime instructions call the FlowStudio MCP service (mcp.flowstudio.app) to inspect and modify Power Automate flows. Required items (no binaries, one token) match the stated purpose.
- Instruction Scope (note): SKILL.md confines the agent to calling FlowStudio MCP tooling (get_live_flow, get_live_flow_run_error, get_live_flow_run_action_outputs, update_live_flow, resubmit_live_flow, etc.). It does not instruct reading local files or unrelated environment variables. Note: the instructions include write operations (update_live_flow, resubmit_live_flow), so a token with write privileges could allow the agent to change flows — this is expected for a debugging/fix workflow but is an elevated action compared to read-only diagnostics.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files to be written/executed on the host. Lowest install risk.
- Credentials (note): Only FLOWSTUDIO_MCP_TOKEN is required (declared as primaryEnv), which is proportionate to calling the external MCP service. However, that single token likely grants broad access (read and possibly write) to flows; ensure the token's scope, lifetime, and permissions follow least-privilege principles.
- Persistence & Privilege (ok): always is false and there is no install-time persistence. Model invocation is allowed (platform default) — be aware the agent could call the external API when the skill is invoked, but the skill itself does not request permanent system-level privileges or modify other skills.
