Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hrflow

v1.0.0

Automate HR workflows including benefits enrollment, onboarding, and payroll integration. Use when the user needs to streamline employee processes, reduce ma...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description align with HR automation and the declared env vars (HRIS_API_KEY, PAYROLL_API_KEY, SLACK_WEBHOOK_URL) are plausible. However, the SKILL.md itself lists many additional integrations (DocuSign, Teams, hardware ordering, GitHub provisioning, multiple HRIS/payroll systems) and references environment variables (e.g., HRIS_SYSTEM, HRIS_TENANT_ID, PAYROLL_SYSTEM and likely others) that are not declared in the registry metadata. The declared requirements are incomplete relative to the skill's claimed capabilities.
Instruction Scope
The SKILL.md instructs the agent to orchestrate multi-system workflows, access and sync sensitive employee records (including tax IDs, payroll data), trigger e-signatures, post to Slack, and perform provisioning/order actions. These runtime instructions are broad and may cause the agent to contact many external endpoints and handle PII/financial data. The instructions are also somewhat high-level/vague, giving the agent wide discretion to interact with systems not explicitly authorized.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. Required binaries (curl, jq) are standard and reasonable for calling APIs and parsing JSON.
Credentials
The registry requires three env vars which are relevant, but SKILL.md documents and implies many additional environment variables and credentials (HRIS_SYSTEM, HRIS_TENANT_ID, PAYROLL_SYSTEM, DocuSign/API tokens, vendor APIs for hardware ordering, Google/Slack/GitHub tokens, etc.) without declaring them. Given the skill processes highly sensitive HR/payroll data, the absence of a complete, explicit list of required credentials and minimum scopes is a significant proportionality and transparency issue.
Persistence & Privilege
The skill is not marked always:true and has no install actions, which is normal. However, because it operates on sensitive HR data and can be invoked autonomously (default platform behavior), confirm the agent's autonomy settings and prefer explicit user approvals for any high-impact actions (payroll syncs, salary changes, hardware purchases).
What to consider before installing
Do not provide full production HR or payroll credentials yet. Ask the skill author for a complete, explicit list of environment variables and the minimum scopes required (scoped, read-only tokens where possible; time-limited service accounts). Verify how the skill will access external services (endpoints, webhook destinations), whether it stores or transmits PII, and where audit logs are kept. Prefer sandbox/test accounts with synthetic employee data before connecting to real systems. If you must proceed, require least-privilege API keys, documented consent for any purchases or provisioning, and a privacy/compliance review (SOC2/GDPR/FCRA implications). Finally, verify the source repository and author — the registry metadata origin is unknown; confirm the repo and evaluate code before supplying sensitive credentials.


Runtime requirements

Platform: Clawdis
OS: macOS · Linux · Windows
Bins: curl, jq
Env: HRIS_API_KEY, PAYROLL_API_KEY, SLACK_WEBHOOK_URL