The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requests the installation of a global NPM package @muathzaher/clawflow. This package name contains a character substitution ('e' instead of 'i') compared to the provided author name muathzahir, which is a strong indicator of typosquatting.
[REMOTE_CODE_EXECUTION]: By instructing the agent to perform global installations and use npx with a potentially typosquatted package name, the skill enables the execution of remote code from an unverified source with elevated system permissions.
[COMMAND_EXECUTION]: The workflow involves extensive use of shell commands to manage local processes and browser automation. It specifically includes system-level commands like Stop-Process on Windows to terminate processes by PID, representing a high-power capability.
[PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by ingesting and acting upon data from external web applications (markers) and issue reports which could be used to manipulate the agent's logic.
Ingestion points: SKILL.md (reading external data via clawflow issue bundle and marker ingest commands)
Boundary markers: Absent
Capability inventory: SKILL.md (Full shell command execution and browser control via agent-browser)
Sanitization: Absent; the skill does not specify how it validates or sanitizes the content of issue bundles or markers before the agent processes them.

clawflow-mvp