Skill v1.0.0
ClawScan security
Power Automate Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 11:03 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (governing Power Automate flows via FlowStudio MCP) aligns with its runtime instructions and required credential (FLOWSTUDIO_MCP_TOKEN); there are no unrelated env vars, installs, or file writes requested.
- Guidance: This skill appears coherent and does what it claims: it reads and writes governance metadata in the FlowStudio cached store and requires a FlowStudio MCP/Pro+ token. Before installing: (1) verify you trust the FlowStudio service and that the token you provide is scoped with least privilege; (2) confirm you have the Pro+ subscription needed (403/404 will occur otherwise); (3) understand that updates change FlowStudio's cached metadata (e.g., notification recipients) but do not modify the live Power Automate flows themselves; and (4) consider enabling audit logs or monitoring for changes to governance metadata if you need oversight. If you want stronger assurance, ask the publisher for documentation on token scopes and for sample API/tool schemas that will be used at runtime.
Review Dimensions
- Purpose & Capability (ok): Name/description match the runtime instructions: it reads and updates FlowStudio's cached store via store_* tools to manage governance metadata. The single required env var (FLOWSTUDIO_MCP_TOKEN) is appropriate for a FlowStudio integration.
- Instruction Scope (ok): SKILL.md specifies using tool calls (list_store_flows, get_store_flow, update_store_flow, tool_search) and contains concrete parsing rules (split id on first '.'). It instructs only operations relevant to classifying/auditing/annotating the FlowStudio cache and explicitly notes it does NOT modify flows in Power Automate. No instructions ask the agent to read unrelated files, other env vars, or send data to unrelated endpoints.
- Install Mechanism (ok): No install spec or code is provided (instruction-only skill), so nothing is written to disk or downloaded during install — lowest-risk install model.
- Credentials (ok): Only one credential is required (FLOWSTUDIO_MCP_TOKEN) and it is the primary credential for the service the skill integrates with. No unrelated secrets, config paths, or extra creds are requested.
- Persistence & Privilege (ok): Skill is not force-included (always:false) and does not request system config or other skills' credentials. It instructs only to write governance metadata into the FlowStudio cache (its stated scope).
