ClawAudit verdict

workflow-automation-cn

🟢 Trusted

Low risk — reviewed by ClawAudit, behavior matches stated purpose

Reads local files AND makes external network calls

Workflow automation generator that produces Python scripts for scheduled tasks and notifications; network/file capabilities are used transparently for their stated legitimate purpose of local task automation.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

security

transparency

maintenance

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination critical

Reads local files AND makes external network calls — the capabilities for data exfiltration co-occur (data-flow not verified)

LLM02 · LLM06 · ASI03

Capability combination high

Enumerates directory contents AND makes external network calls — filesystem reconnaissance

LLM02 · LLM06 · ASI03

Permission integrity

Makes network requests but does not declare curl/wget in required binaries

network_out

Findings (1)

Pattern match critical

Possible hardcoded credential

SKILL.md · code · token = "YOUR_BOT_TOKEN

Permissions & capabilities

Requires 2 system binaries.

network_outfile_readdir_traversalnetwork_in

I installed anyway

Check another skill Browse the registry Auditing your own skills or configs? Use the API