ClawHub

Automation Workflows Openclaw

v1.0.0

Design and implement automation workflows to save time and scale operations as a solopreneur. Use when identifying repetitive tasks to automate, building wor...

0· 0·1 current·1 all-time
byRene Cabrera@nicocabrerac
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name, description, and SKILL.md content are consistent: they focus on identifying automation opportunities and building workflows with Zapier/Make/n8n. However, package metadata (_meta.json) does not match registry metadata (different ownerId and version), and there's no homepage or publisher info — likely sloppy packaging but worth verifying the publisher identity before install.
Instruction Scope
SKILL.md contains step-by-step, tool-specific guidance (identify tasks, choose tool, design, test, and maintain workflows). It only instructs the agent to perform actions relevant to building automations (connect accounts via OAuth, map fields, test triggers). It does not request reading local files, unrelated env vars, or sending data to unknown endpoints.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The instructions mention authenticating to third-party automation tools (OAuth) which is expected; no unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent or cross-skill configuration changes. It is user-invocable and can be used autonomously by agents (platform default) but it does not request elevated persistence privileges.
Scan Findings in Context
[no_regex_findings] expected: The static regex-based scanner found nothing — expected because this is an instruction-only skill with no code files for the scanner to analyze.
Assessment
This skill is an instruction-only playbook and does not itself install code or ask for secrets, so it appears coherent with its stated purpose. Before you rely on it: (1) verify the publisher identity and resolve the metadata mismatch (ownerId/version) — the package shows inconsistent metadata; (2) when connecting third-party services (Zapier, Make, n8n, Google, Slack, payment processors), review and grant the minimum OAuth scopes required and avoid reusing high-privilege accounts; (3) test workflows with dummy data and limited-permission accounts before connecting real client or financial data; (4) keep any API keys or credentials out of shared documents and rotate credentials if you suspect they were exposed. If you need help verifying the publisher or want a checklist for safe OAuth scopes for common tools, ask and I can provide one.

Like a lobster shell, security has layers — review code before you run it.

latestvk9712fa6rz1syrv0n73wjmkgvx84nq0v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments