Skill v1.2.0
ClawScan security
Power Automate Mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 11:02 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only plumbing layer for FlowStudio MCP and its requirements (single MCP token, MCP endpoint) align with its stated purpose; there is no installer or unrelated credential request.
- Guidance: This skill appears coherent and only needs the FlowStudio MCP token to act as a client for the documented MCP API. Before installing:
  1. Confirm the token you provide is scoped minimally (prefer a service account or token with only the necessary environment/view/edit permissions).
  2. Verify the MCP endpoint (https://mcp.flowstudio.app/mcp) and FlowStudio vendor are trusted in your organization.
  3. Rotate and revoke the token if you stop using the skill.
  4. Remember the skill is instruction-only — it will cause the agent to make network calls using that token if invoked; if you allow autonomous agent actions, monitor activity and audit logs for unexpected flow changes.

  If you need stronger guarantees, request a token limited to read-only operations or test in a non-production environment first.
Review Dimensions
- Purpose & Capability (ok): Name/description identify a FlowStudio MCP integration; the only required credential is FLOWSTUDIO_MCP_TOKEN (primaryEnv) which is exactly what's needed to authenticate to the declared MCP endpoint. No unrelated binaries, installs, or secrets are requested.
- Instruction Scope (ok): SKILL.md contains only instructions for talking to the MCP server (tools/list, tool_search, tools/call), parsing responses, and guidance on forming requests. It does not instruct reading arbitrary local files, other environment variables, or sending data to unexpected third-party endpoints.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files to write or execute on disk, so there is no install risk.
- Credentials (ok): Only FLOWSTUDIO_MCP_TOKEN is required and declared as the primary credential. That is proportionate for a remote MCP API client. The docs clearly state the token is sent as an x-api-key header (JWT).
- Persistence & Privilege (ok): The skill does not request always:true and does not indicate modification of other skills or system-wide settings. It is user-invocable and can be called autonomously by the agent (platform default), which is appropriate for an API integration skill.
