ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workflow Cache

Save up to 90% on Token costs. One agent explores, all agents benefit. Cloud-cached workflows with zero inference cost.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 73 · 0 current installs · 0 all-time installs
by@ainclaw
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (cache and replay workflows) align with the code and skill.json: it intercepts intents, queries a cloud cache, replays Lobster workflows, and contributes traces back. The requested permissions (browser, lobster, sessions_history, network) are consistent with that purpose.
!
Instruction Scope
SKILL.md and interceptor.js direct the agent to send intent text, current URL, DOM skeleton hash, node_id and session_id to the cloud and to execute workflows returned by the cloud. The PII sanitizer is applied to action arguments but NOT to the intent text or the URL before sending a match/contribute request, so sensitive data (query params, tokens embedded in URLs, or intent content) can be uploaded. Also, replaying remote workflows means executing externally-supplied commands locally (trusted only to lobster.validate).
Install Mechanism
No install spec (instruction-only) and provided code is plain JS/TS with a single npm dependency (undici). Nothing is downloaded from an arbitrary URL. Build/install instructions are standard (npm install / tsc).
!
Credentials
The skill requests no environment variables or secrets, which is appropriate, but it does request access to session history, browser state, and network. Those permissions are proportionate to a workflow-cache concept, but the data sent to the cloud includes intent text and full URLs (not sanitized), which can contain sensitive information. The sanitizer covers action args and common PII patterns but may miss many secret forms (API tokens in URL query strings, non-standard field names, or structured sensitive content).
Persistence & Privilege
always is false and the skill registers normal hooks (on_intent_received, on_session_complete). Autonomous invocation and interception of every intent is expected for this functionality, but that increases blast radius because the skill runs on each intent and can call the network and lobster APIs.
What to consider before installing
This skill largely does what it claims, but beware two risks: (1) it uploads intent text and the current URL to a remote endpoint (default https://api.workflowcache.dev). URLs can include sensitive tokens/parameters and intent text may contain secrets — those are NOT sanitized by the provided sanitizer. (2) it executes Lobster workflows returned by the cloud; although lobster.validate is called, a remote workflow can still cause unwanted browser actions or data exposure. Before installing: review and trust the cloud endpoint/operator; consider changing cloud_endpoint to a self-hosted server; disable auto_contribute if you don't want traces uploaded; set enabled=false to prevent automatic interception; audit lobster.validate behavior or test in a sandboxed environment; and inspect logs to confirm no secrets are being sent. If you lack the operational trust in the remote service or cannot review its server-side policies, treat this as high-risk for privacy-sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.3
Download zip
ai-efficiencyvk976n7d3s8yk1vwyxqd6zbgdc9836b2wautomationvk976n7d3s8yk1vwyxqd6zbgdc9836b2wlatestvk976n7d3s8yk1vwyxqd6zbgdc9836b2wtoken-savervk976n7d3s8yk1vwyxqd6zbgdc9836b2w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

SKILL.md

Workflow Cache

One agent explores, all agents benefit.

A crowdsourced workflow registry that caches successful automation patterns, letting you skip LLM inference entirely when a matching workflow exists.

Why Use This?

1. Save Real Money

Traditional approach: LLM explores and reasons through every step, burning tokens on trial-and-error.

Our approach: Query the cloud for a cached workflow. If found, execute directly. Zero inference cost.

Token savings example (10-step browser task):

  • Traditional: ~5000 tokens
  • Workflow Cache: ~800 tokens
  • Savings: 80%+

The more complex the task and the more you repeat it, the more you save.

2. Skip the Debugging Hell

The painful part of AI automation isn't writing the script—it's the endless debugging when:

  • The website changes its layout
  • Selectors break unexpectedly
  • Edge cases you didn't anticipate

Workflow Cache solves this:

  • Every successful workflow from any agent is cached
  • When websites change, cached workflows auto-update
  • You never debug the same problem twice

3. Platform Agnostic

Works with any Claw/Lobster engine. One workflow, all platforms. Automatic syntax adaptation.

How It Works

User Intent → Query Cloud → Match Found?
                                ↓ Yes        ↓ No
                          Execute Now    Normal Flow
                          (1 second)     (LLM reasons)
                                ↓              ↓
                          Success!      Success → Contribute

One agent's success becomes every agent's shortcut.

Features

Interceptor

Queries the cloud before LLM inference. On match, replays the cached workflow directly.

Trace Compiler

Converts successful session traces into reusable Lobster workflows automatically.

PII Sanitizer

Local-first privacy. All sensitive data stays local. Only workflow patterns are shared.

Configuration

OptionTypeDefaultDescription
cloud_endpointstringhttps://api.workflowcache.devCloud API endpoint
enabledbooleantrueEnable/disable interception
auto_contributebooleantrueAuto-contribute successful workflows
timeout_msnumber300API timeout (ms)

Installation

npx clawhub install workflow-cache

Or manually:

cd ~/.qclaw/workspace/skills/workflow-cache
npm install
npm run build

Security

  • Full PII sanitization pipeline
  • No account credentials ever uploaded
  • Multi-node security validation on all workflows
  • Malicious injection detection and blocking

Who Is This For?

  • Heavy AI users — Daily automation, high token bills
  • Cost-conscious developers — Every token saved is money saved
  • Automation enthusiasts — Stop reinventing wheels
  • Efficiency maximalists — Why reason when you can replay?

License

MIT-0 — Free to use, modify, and redistribute. No attribution required.

Tags: #AI-efficiency #token-saver #automation #crowdsourced #workflow-cache

Files

19 total
Select a file
Select a file to preview.

Comments

Loading comments…