Dataverse Classic Workflow
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Dataverse classic-workflow helper, but publishing or activating workflows can materially change a business environment, so each such action should be confirmed carefully before it runs.
Use this skill only when you want an agent to work with Dataverse Classic Workflow XAML. Before allowing publish, activate, import, or generated-code deployment steps, confirm the target environment and workflow, prefer a development org first, keep backups/source control, audit RunAs=Owner and trigger settings, and review any generated C# workflow activity code before building or registering it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
1/65 vendors flagged this skill as malicious, and 64/65 flagged it as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against the wrong environment or workflow, it could publish changes that affect business records or workflow behavior.
The skill explicitly covers workflow editing and Dataverse/PAC import-publish operations, which can change a Dataverse environment. This is purpose-aligned and disclosed, but high-impact.
Read, analyze, compare, edit, copy, and publish Microsoft Dataverse Classic Workflows ... `pac solution clone`/`unpack`/`pack`/`import` ... PAC CLI publishing flow.
Require explicit confirmation before import, publish, or activate steps; verify the target Dataverse environment, solution, workflow name/ID, and backups before proceeding.
Changing or approving RunAs=Owner behavior can let lower-privileged users indirectly cause actions using the workflow owner's permissions.
The skill's domain includes workflow run-as settings that can elevate the effects of user-triggered workflows. The artifact discloses this risk and recommends auditing it.
A workflow set to `RunAs=Owner` and triggered by unprivileged users effectively grants those users elevated access through the workflow's effects. Audit carefully. Document why.
Audit RunAs=Owner workflows, use service accounts intentionally, document elevation, and avoid changing run-as or ownership without administrator review.
A flawed workflow edit could cause repeated jobs, cancellations, lock contention, or production performance problems.
The reference documents cascading operational failure modes from workflow trigger/update interactions. The skill appears to surface these as analysis findings rather than hide them.
Background workflow that updates a column it triggers on, with no guard | Critical | The engine cancels the workflow after **16 runs** ... Two or more background workflows triggered by the same column ... `SQL Timeout`.
Test workflow edits in a non-production environment, check update trigger filters and guard conditions, and monitor Dataverse system jobs after activation.
