clawflow-mvp

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs installing and running remote npm packages at runtime (e.g., npm i -g @muathzaher/clawflow and npm i -g agent-browser), which fetch and execute external code that the workflow depends on, so these remote packages are runtime dependencies that can execute code.