clawflows
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation describes actions such as `run_command` and `run_script` within JSON configurations. Examples demonstrate the execution of shell commands like `ls -l` and `rsync` on the host system.
- [REMOTE_CODE_EXECUTION]: The workflow engine can be triggered via external webhooks and can execute scripts defined in configurations loaded from local paths or remote APIs. This allows for the execution of code provided at runtime.
- [DATA_EXFILTRATION]: The combination of system command execution and built-in support for network-based actions (such as HTTP webhooks and email) provides a mechanism for reading sensitive data and sending it to external destinations.
- [PROMPT_INJECTION]: The skill processes untrusted workflow configurations that could contain malicious instructions.
  - Ingestion points: Configuration files (`--config`) and API responses (`POST /api/workflows`).
  - Boundary markers: None present; the skill directly executes command and action fields from the JSON input.
  - Capability inventory: Subprocess command execution, script execution, and network operations (webhooks, email).
  - Sanitization: No evidence of input validation or command escaping for values defined in configurations.
Audit Metadata