ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Business Automation Architect

v1.0.0

Turn your AI agent into a business automation architect. Design, document, implement, and monitor automated workflows across sales, ops, finance, HR, and support — no n8n or Zapier required.

1· 2.1k·22 current·22 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (business automation architect) matches the SKILL.md content: discovery, scoring, workflow design, implementation patterns and monitoring. It does not require unrelated binaries, env vars, or config paths.
Instruction Scope
The SKILL.md is high-level and prescriptive about design and implementation patterns but does not instruct the agent to read arbitrary system files or exfiltrate data. It does instruct implementers to 'use available tools (APIs, scripts, cron jobs, agent skills)' — which gives the agent broad operational scope when actually implementing automations. That breadth is expected for this purpose but means the agent may need credentials and access to external systems during real deployments (the instructions themselves do not request or hard-code such secrets).
Install Mechanism
No install spec and no code files — lowest-risk model because nothing will be written to disk by the skill itself.
Credentials
The skill declares no required environment variables or primary credential, which is proportionate for an instruction-only design doc. However, practical implementation of recommended automations will typically require service credentials (CRM, Slack, accounting systems, cloud, etc.). The skill does not ask for these explicitly — you should only grant the agent the minimal credentials necessary when connecting systems.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent platform privileges. disable-model-invocation is false (normal), meaning it can be invoked autonomously per platform defaults.
Scan Findings in Context
[no_scan_findings] expected: The static scanner had no code to analyze (instruction-only SKILL.md). Absence of findings is expected and not evidence of safety; the runtime risk is tied to what credentials and system access you give the agent when following these instructions.
Assessment
This skill is a coherent set of templates and runbooks for automation design — it does not install code or ask for secrets. Before using it, decide which systems you want the agent to integrate with and only grant minimal, scoped credentials for those systems. Prefer per-integration service accounts with limited permissions (read-only where possible) and test automations in a sandbox or staging environment before running them in production. Be cautious about authorizing broad cloud or financial credentials; the skill can recommend workflows, but the real security risk comes from what access you give your agent to implement them.

Like a lobster shell, security has layers — review code before you run it.

automationvk977j0zzh71230bttg7vwfbmv9812nstbusinessvk977j0zzh71230bttg7vwfbmv9812nstlatestvk977j0zzh71230bttg7vwfbmv9812nstoperationsvk977j0zzh71230bttg7vwfbmv9812nstproductivityvk977j0zzh71230bttg7vwfbmv9812nstroivk977j0zzh71230bttg7vwfbmv9812nstworkflowvk977j0zzh71230bttg7vwfbmv9812nst

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments