Power Automate Monitoring

Pass

Audited by ClawScan on May 10, 2026.

Overview

The provided artifacts show a coherent FlowStudio Power Automate monitoring skill, but it handles tenant-wide cached flow data and monitoring settings, so it should be used only with an approved token and trusted provider.

Install this only if you have the required FlowStudio Pro+ access and trust FlowStudio to process tenant-wide Power Platform data. Use a controlled token, request aggregate outputs where possible, redact trigger URLs and other sensitive fields, and require confirmation before changing monitoring or governance settings.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token is broad or mishandled, the agent may be able to read tenant-wide Power Automate monitoring and inventory data through FlowStudio.

Why it was flagged

The skill requires a FlowStudio MCP credential. This is expected for the stated integration, and the artifacts do not show token leakage or unrelated use, but the token controls access to sensitive tenant-wide data.

Skill content

Required env vars: FLOWSTUDIO_MCP_TOKEN ... Primary credential: FLOWSTUDIO_MCP_TOKEN

Recommendation

Use an organization-approved FlowStudio token, keep it scoped and rotated where possible, and install the skill only in agent environments trusted to access tenant-wide Power Platform data.

What this means

Flow definitions, run statistics, connections, owners, makers, and app inventory may be available through the FlowStudio cache rather than only live Microsoft APIs.

Why it was flagged

Tenant Power Automate data is transferred to and read from an external FlowStudio MCP cached store. This is disclosed and central to the skill, but it is a sensitive provider data boundary.

Skill content

Flow Studio scans the Power Automate API daily for each subscriber and caches the results.

Recommendation

Confirm that FlowStudio's data handling, retention, tenant isolation, and subscription terms meet your organization's requirements before enabling tenant-wide monitoring.

What this means

Reports or chat responses could accidentally expose sensitive flow definitions, connection information, or trigger URLs if the user asks for full records.

Why it was flagged

The cached records can include sensitive flow details and trigger URLs that may be reused in agent context or reports.

Skill content

`get_store_flow` | Full cached record: run stats, owners, tier, connections, definition (`triggerUrl` field included)

Recommendation

Prefer aggregate reports by default, avoid displaying trigger URLs unless explicitly needed, and redact sensitive fields before sharing outputs.

What this means

An agent could alter monitoring flags, notification rules, tags, or governance metadata, which may affect alerting and compliance workflows.

Why it was flagged

The skill documents a tool that can change persistent monitoring and governance settings. This is purpose-aligned, but it should be user-directed.

Skill content

`update_store_flow` | Set monitor flag, notification rules, tags, governance metadata

Recommendation

Require explicit confirmation before using update_store_flow or any referenced live-control tools, and review which flows and settings will change.