clawflows
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill installs the 'clawflows' Node.js package globally from npm. The package and its associated GitHub repository 'Cluka-399/clawflows-registry' are from unverified external sources.
- [DYNAMIC_EXECUTION]: The 'clawflows run' command executes multi-step automation logic defined in externally hosted YAML files. This allows for the execution of arbitrary logic fetched at runtime from 'clawflows.com'.
- [PERSISTENCE_MECHANISMS]: The 'clawflows enable' command provides instructions for setting up cron schedules, facilitating persistent execution of automations on the host system.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted workflow data from an external registry, which could contain malicious instructions.
  1. Ingestion points: Workflow definitions fetched from 'clawflows.com' via 'clawflows install'.
  2. Boundary markers: None identified.
  3. Capability inventory: Shell command execution, package installation, and cron configuration.
  4. Sanitization: No evidence of validation or sanitization of remote YAML content.
Recommendations
- AI detected serious security threats