Automation Workflows

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is an instruction-only automation guide with no code or required credentials, but it tells users to connect third-party accounts and enable workflows that can affect business data.

This appears safe as an instruction-only guide. Before following it, review what each automation will read or change, connect only the necessary accounts, test carefully, add error alerts, and periodically disable workflows you no longer use.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A poorly configured workflow could send messages, post content, or alter business records incorrectly.

Why it was flagged

The skill recommends automations that can create or modify records, send communications, publish scheduled content, or create invoices in third-party tools.

Skill content

Examples: ... Adding new leads to CRM from form submissions ... Posting social media content on a schedule ... Auto-create invoices from payment confirmations

Recommendation

Review each trigger and action before enabling it, test with safe sample data when possible, and confirm that any workflow changing customer, financial, or public-facing data has the intended safeguards.

What this means

Connected automation platforms may receive access to business tools such as forms, spreadsheets, CRMs, email tools, or project-management systems.

Why it was flagged

The guide expects users to authorize third-party automation services to access connected accounts, which is normal for this purpose but still security-relevant.

Skill content

Connect your account (authenticate via OAuth)

Recommendation

Use least-privilege OAuth scopes where available, connect only the accounts needed for a workflow, and periodically review or revoke unused app permissions.

What this means

An enabled automation may continue running on future triggers until the user disables or modifies it.

Why it was flagged

The guide intentionally leads users to enable persistent trigger-based automations. This is purpose-aligned, but it means the workflow can continue acting after setup.

Skill content

Turn on workflow (Zapier calls this "turn on Zap")

Recommendation

Document enabled workflows, add error notifications, monitor early runs, and disable automations that are no longer needed.

What this means

The mismatch may make it harder to confirm the package lineage or whether the registry metadata and bundled metadata were generated from the same source.

Why it was flagged

These internal metadata values differ from the supplied registry metadata, which lists a different owner ID, slug, and version. With no code or install step, this is only a provenance consistency note.

Skill content

"ownerId": "kn732qfbv22he1jqm63xbwq6e980kn8s", "slug": "automation-workflows", "version": "0.1.0"

Recommendation

If provenance matters, verify the publisher and version history before relying on the skill, especially if future versions add code or install steps.