Automation Workflow
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it advertises autonomous public posting, customer replies, and 24/7 workflows without enough approval, credential-scope, or stop controls.
Review this skill carefully before installing. Do not connect live social-media, support, or knowledge-base accounts until it has draft-only defaults, explicit human approval for publishing/replies, least-privilege credentials, time-bounded schedules, visible logs, and verified RBAC/audit controls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish incorrect posts or replies on behalf of the user or organization if connected to live accounts.
This instructs the agent to publish and reply from a company social-media account, but the artifacts do not define approval gates, allowed accounts, rate limits, or rollback before public actions.
"使用Automation工作流技能为[公司Twitter账号]自动发布[每日行业新闻],监控[品牌提及]并回复[常见问题]"
Require draft-only mode by default, explicit human approval before publishing or replying, account/channel allowlists, rate limits, and a clear rollback process.
If the agent uses a logged-in browser session or broad account token, it may act with more authority than intended.
These workflows require delegated access to social-media and customer-support channels, while the registry declares no primary credential or environment variables, leaving the permission boundary and least-privilege scope undefined.
"为[公司Twitter账号]自动发布" and "处理[客户支持]请求,自动回答[订单状态查询]和[退货政策]问题"
Declare required credentials, use least-privilege scopes, require explicit account selection, and separate read-only monitoring from write/publish permissions.
Automated posts or support replies could continue after the original task intent, spreading mistakes across public or customer-facing channels.
The skill advertises continuous and scheduled autonomous behavior, but no stop conditions, duration limits, owner approval, or kill-switch controls are specified.
"Handle FAQs, route tickets, provide 24/7 support" and "Schedule posts, monitor engagement"
Make schedules time-bounded, require an owner and visible status, provide pause/stop controls, and log all live actions for review.
Users may assume enterprise controls exist when the provided artifacts do not show them, increasing the chance of unsafe use on live business workflows.
These security/control claims are not backed by the provided implementation; main.js labels the helpers as placeholders and returns mock objects, so users could over-trust the skill's safety controls.
"Enterprise Features" including "Audit logging and compliance tracking" and "Role-based access control"
Document which controls are actually implemented, show how audit logs and RBAC are enforced, and avoid using the skill for regulated workflows until those controls are verified.