Coze 工作流执行 / Coze Workflow

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only Coze workflow caller, but users should treat it carefully because it can run Coze workflow IDs using a Coze API key.

Install this only if you want your agent to call Coze workflows. Keep the Coze API key private, verify workflow IDs and parameters before use, and require extra confirmation for workflows that may spend credits, publish content, or modify data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

Low

What this means

If the agent or a dependent skill supplies the wrong workflow ID or parameters, it could run an unintended Coze workflow under the user's account.

Why it was flagged

The skill exposes a generic workflow execution path with arbitrary parameters. This is consistent with its purpose, but it is broader than a single scoped business workflow.

Skill content

Receives `workflow_id` and `parameters`, executes the workflow... `"parameters": {}  // 任意 JSON / Any JSON`

Recommendation

Use only trusted workflow IDs and add user confirmation in higher-level skills for workflows that spend credits, publish content, or change data.

#ASI03: Identity and Privilege Abuse

Low

What this means

Anyone or any agent workflow that can use this configured key may be able to run Coze workflows and potentially consume account resources.

Why it was flagged

The skill uses a Coze bearer API key/PAT to call the provider API. This is expected for the integration, but it grants delegated account authority and is not declared in the registry credential metadata.

Skill content

`"api_key": "pat_xxx"` ... `-H "Authorization: Bearer ${COZE_API_KEY}"`

Recommendation

Store the key securely, use the least-privileged Coze token available, and declare/document the credential requirement clearly before installation.

#ASI04: Agentic Supply Chain Vulnerabilities

Info

What this means

Users may have difficulty confirming exactly which version they are installing or reviewing.

Why it was flagged

The supplied registry metadata reports version 1.1.4, while _meta.json and SKILL.md identify 1.1.3. This is a package metadata inconsistency, not evidence of malicious behavior.

Skill content

`"version": "1.1.3"`

Recommendation

Confirm the intended package version and prefer a source/release process where registry and embedded metadata match.