clawflow
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or high-risk security patterns were identified in the framework documentation or the provided workflow examples. The skill serves as a structural substrate for task orchestration within the vendor's ecosystem.
- [PROMPT_INJECTION]: The illustrative examples (inbox-triage.lobster and pr-intake.lobster) demonstrate an indirect prompt injection surface where external untrusted data is ingested and processed by an LLM tool.
- Ingestion points: External data enters the context via
gog.gmail.search(Gmail messages) andgh pr list(GitHub PR titles and bodies). - Boundary markers: The examples do not demonstrate the use of delimiters or specific "ignore embedded instructions" warnings to isolate untrusted content from the system prompts.
- Capability inventory: The workflows include the ability to send messages via Slack and Telegram, and to perform automated actions on GitHub PRs (close, request changes).
- Sanitization: No demonstration of sanitization or validation of the external content is present in the illustrative examples.
Audit Metadata