Crewai Workflows
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill's behaviour is consistent with its stated purpose (calling remote AI workflows), but it embeds an undeclared API key and automatically saves full responses locally, so credential and data handling should be reviewed before use.
Before installing, verify that you trust crew.iclautomation.me and any downstream LLM providers. Do not send confidential customer or business data unless the service’s privacy and retention terms are acceptable. Replace or remove the bundled API key, ensure credentials are declared and scoped, and consider disabling or cleaning up the automatic /tmp response files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may be sent under a shared bundled credential, or users may pass their own key to the service without clear account boundaries or revocation guidance.
The skill embeds a real-looking service API key even though the provided metadata declares no primary credential or required environment variable. That makes credential ownership, scope, rotation, and per-user authorization unclear.
export CREWAI_API_KEY="5aZy...dST"
Remove the embedded key, declare CREWAI_API_KEY in metadata, document required scope and ownership, and prefer per-user credentials. Avoid passing secrets as command-line arguments where they may enter shell history or process listings.
Marketing prompts, customer-support issues, or business-analysis descriptions may be processed by the remote CrewAI service and downstream LLM providers.
The helper posts the user-supplied JSON input to an external hosted service. This is purpose-aligned, but retention, provider routing, and data boundary details are not documented in the artifacts.
curl -s --max-time "$TIMEOUT" -X POST "https://crew.iclautomation.me/crews/$CREW_NAME/run" ... -d "$PAYLOAD"
Document data handling, retention, and downstream providers clearly. Users should avoid sending confidential customer or business data unless they trust the service and its policies.
Sensitive support or business content could remain on the local machine after the task and may be more exposed on shared systems.
Every successful call writes the full response to a predictable file under /tmp. The response can include generated content, trace data, and summaries of user inputs, with no cleanup or access-mode control.
# Save full response to temp file for inspection
TEMP_FILE="/tmp/crewai_response_$(date +%s).json"
echo "$RESPONSE" | jq '.' > "$TEMP_FILE"
Make response saving opt-in, use a secure temporary-file mechanism with restrictive permissions, document where data is stored, and provide cleanup guidance.
Users have limited independent information to verify who operates the service or what operational/security policies apply.
The skill relies on an external hosted workflow service, but the source and homepage are not provided and setup requirements are under-declared. This is a provenance and reviewability gap, not evidence of malicious behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Provide a homepage or source reference, declare required tools and credentials, and document the service operator and support/security contact.
