Power Automate Monitoring

Security checks across malware telemetry and agentic risk

Overview

This is a documented Power Automate monitoring skill, but it should be used only by trusted tenant administrators because it can read sensitive FlowStudio cached data and change monitoring metadata.

Install only in environments where the agent is trusted to access tenant-wide Power Platform data. Prefer aggregate reports, avoid sharing raw trigger URLs or full flow definitions unless explicitly needed, and require clear user approval before changing monitoring, notification, tagging, criticality, or governance fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (85% confidence)
Finding
The skill explicitly documents access to sensitive tenant data such as `triggerUrl`, full flow definitions, owners, connections, and other cached records, but it does not include strong guidance on redaction, least-privilege use, or safe handling of secrets/URLs. Trigger URLs for HTTP-triggered flows can function as bearer-style endpoints, so exposing or echoing them can enable unauthorized invocation or leakage of sensitive automation entry points.

Missing User Warnings

Medium (90% confidence)
Finding
The skill instructs use of `update_store_flow` to change monitoring, notification, criticality, and governance metadata without emphasizing that these are tenant configuration changes with operational consequences. An agent following these instructions could silently alter monitoring scope, notification targets, or governance posture, leading to unauthorized changes, alert routing issues, or policy drift.

VirusTotal

65/65 vendors flagged this skill as clean.
