Skill v0.1.0
ClawScan security
Flowise · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:46 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (calling a Flowise REST API) is coherent with the included client code, but the SKILL.md asks the agent to read local configuration and environment variables that the skill metadata does not declare — a mismatch that could lead to unintended access or data exposure.
- Guidance: This skill appears to do what it says (talk to a Flowise server), but the runtime instructions expect the agent to read a local TOOLS.md file, use environment variables (FLOWISE_URL, API_KEY), run shell curl commands, and may upload local files. Before installing or enabling this skill:
  1. Confirm where the Flowise server URL and API key will be stored — avoid putting secrets in a shared TOOLS.md visible to other skills/agents.
  2. Prefer using the bundled Python client (which performs HTTP calls directly) over shell exec to reduce shell-injection risk.
  3. Understand that file-upload examples will read and transmit local files to the Flowise server — only allow this if you trust the server.
  4. Because the SKILL.md references env vars and config files but the metadata doesn't declare them, ask the author to explicitly document required env vars/config paths or update the skill metadata.

  These inconsistencies are likely a sloppy omission, but they meaningfully increase the risk of accidental data exposure, so proceed with caution.
Review Dimensions
- Purpose & Capability (ok): Name, description, and the included Python client (scripts/flowise.py) all align: the skill's stated goal is to call Flowise REST endpoints (list flows, send predictions, ping, etc.), and the client implements those actions in a straightforward way.
- Instruction Scope (concern): SKILL.md instructs the agent to read TOOLS.md for server URL/API key and to 'use exec with curl' to call the API; it also includes examples that reference environment variables (${FLOWISE_URL}, ${API_KEY}) and examples of uploading local files. These instructions require the agent to read local files, access environment variables, and run shell commands — actions not reflected in the skill metadata and which can expose local files/credentials if misused.
- Install Mechanism (ok): There is no install spec (instruction-only plus a small Python script). No external downloads or package installs are requested, which keeps install-time risk low.
- Credentials (concern): The skill does not declare any required environment variables or config paths, yet SKILL.md uses ${FLOWISE_URL} and ${API_KEY} and instructs storing credentials in TOOLS.md. This omission is inconsistent: the skill will need server URL and API key to function, and instructing the agent to read these from a shared TOOLS.md file could expose other secrets or sensitive entries in that file.
- Persistence & Privilege (ok): The skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege requests here.
