Clawflows
Search, install, and run multi-skill automations from clawflows.com. Combine multiple skills into powerful workflows with logic, conditions, and data flow between steps.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 4 · 4.9k · 43 current installs · 43 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is a CLI front-end for a workflow registry. Declaring a required binary 'clawflows' and providing an npm install spec for the 'clawflows' package is consistent with that purpose. Minor note: registry metadata lists no homepage/source, but SKILL.md includes links to an npm package and a GitHub repo; verify those links match the package you install.
Instruction Scope
SKILL.md only instructs installing and using the clawflows CLI (search, install, run, logs, publish). Those instructions are within scope. Important caveat: running an automation executes a user-downloaded YAML which can chain many skills and steps — those automations may perform network calls, access other skill capabilities, or require credentials. The skill's instructions do not themselves request extra secrets, but you should inspect automations (or use --dry-run) before executing.
Install Mechanism
Install uses the public npm package 'clawflows' (npm i -g clawflows), which is a standard mechanism for a CLI. This is moderate-risk by nature (npm packages execute code on install); verify the package's publisher and its GitHub repo before installing. No arbitrary URL downloads or archive extraction are present in the spec.
Credentials
The skill declares no required environment variables or credentials, which is proportional. Note that automations discovered/installed with this CLI may require unrelated credentials (YouTube API keys, database passwords, etc.); those would be required by the automations or the other skills they invoke, not by this CLI itself.
Persistence & Privilege
The skill does not request always:true and does not declare system config paths. disable-model-invocation is false (normal) which allows autonomous invocation; this is the platform default and acceptable here. Be aware that autonomous runs of downloaded automations could execute workflows without immediate user interaction, so grant invocation to trusted automations only.
Assessment
This skill appears to do what it claims (a CLI for finding/installing/running workflow YAMLs). Before installing or running automations: 1) Verify the npm package owner and the linked GitHub repo to ensure provenance. 2) Install in a controlled environment (or container) if you want to limit blast radius. 3) Use clawflows --dry-run and inspect any downloaded ./automations/*.yaml before running — automations can call other skills and may require credentials or make network calls. 4) Limit autonomous invocation or only enable scheduling for automations you trust.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsclawflows
Install
Install ClawFlows CLI (npm)
Bins: clawflows
npm i -g clawflowsSKILL.md
ClawFlows
Discover and run multi-skill automations that combine capabilities like database, charts, social search, and more.
Install CLI
npm i -g clawflows
Commands
Search for automations
clawflows search "youtube competitor"
clawflows search "morning brief"
clawflows search --capability chart-generation
Check requirements
Before installing, see what capabilities the automation needs:
clawflows check youtube-competitor-tracker
Shows required capabilities and whether you have skills that provide them.
Install an automation
clawflows install youtube-competitor-tracker
Downloads to ./automations/youtube-competitor-tracker.yaml
List installed automations
clawflows list
Run an automation
clawflows run youtube-competitor-tracker
clawflows run youtube-competitor-tracker --dry-run
The --dry-run flag shows what would happen without executing.
Enable/disable scheduling
clawflows enable youtube-competitor-tracker # Shows cron setup instructions
clawflows disable youtube-competitor-tracker
View logs
clawflows logs youtube-competitor-tracker
clawflows logs youtube-competitor-tracker --last 10
Publish your automation
clawflows publish ./my-automation.yaml
Prints instructions for submitting to the registry via PR.
How It Works
Automations use capabilities (abstract) not skills (concrete):
steps:
- capability: youtube-data # Not a specific skill
method: getRecentVideos
args:
channels: ["@MrBeast"]
capture: videos
- capability: database
method: upsert
args:
table: videos
data: "${videos}"
This means automations are portable — they work on any Clawbot that has skills providing the required capabilities.
Standard Capabilities
| Capability | What It Does | Example Skills |
|---|---|---|
youtube-data | Fetch video/channel stats | youtube-api |
database | Store and query data | sqlite-skill |
chart-generation | Create chart images | chart-image |
social-search | Search X/Twitter | search-x |
prediction-markets | Query odds | polymarket |
weather | Get forecasts | weather |
calendar | Read/write events | caldav-calendar |
email | Send/receive email | agentmail |
tts | Text to speech | elevenlabs-tts |
Making Skills ClawFlows-Compatible
To make your skill work with ClawFlows automations, add a CAPABILITY.md file:
# my-capability Capability
Provides: my-capability
Skill: my-skill
## Methods
### myMethod
**Input:**
- param1: description
- param2: description
**How to fulfill:**
\`\`\`bash
./scripts/my-script.sh --param1 "${param1}"
\`\`\`
**Output:** Description of output format
And declare it in your SKILL.md frontmatter:
---
name: my-skill
provides:
- capability: my-capability
methods: [myMethod]
---
Links
- Registry: https://clawflows.com
- CLI on npm: https://www.npmjs.com/package/clawflows
- GitHub: https://github.com/Cluka-399/clawflows-registry
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…