ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

next

v0.1.0

Suggest next actions after completing any task. Use automatically when a task is finished to recommend 2-3 logical follow-up actions the user might want to t...

0· 67·0 current·0 all-time
byes6kr@drumrobot

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for drumrobot/next.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "next" (drumrobot/next) from ClawHub.
Skill page: https://clawhub.ai/drumrobot/next
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install next

ClawHub CLI

Package manager switcher

npx clawhub@latest install next
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description match a lightweight suggester, but the instructions require the agent to detect stalled workflows, inspect files (workflow.md, fix_plan.md), check PR/issue bodies and CI status, and then invoke /fix to execute missing steps. Those actions typically require repository access, CI API tokens, and the ability to run commands (git, CI CLI). The skill declares no required env vars, binaries, or config paths — a mismatch between claimed scope and the capabilities it expects to use.
!
Instruction Scope
SKILL.md instructs the agent to run a mandatory 'stall-detect' routine that checks project files, PR/issue checklists, workflow rules, and user responses, and to invoke the /fix skill when any stall is found. It also directs the agent to "Execute selected action" immediately. The instructions allow reading project artifacts and performing potentially destructive actions (git push, run scripts, create PRs) without clearly documented confirmation/limits.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install mechanism. There are no downloads or installs performed by the skill itself.
!
Credentials
The skill will need access to repository data, PR bodies, and CI status to implement its stall-detection and automatic fixes, which usually requires GitHub/Git/CI credentials and CLIs. But it declares no required environment variables or config paths. This omission is a proportionality mismatch — the skill asks for capabilities (read/change repo state, call /fix) without declaring the credentials or access it will need.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (defaults). It will autonomously invoke the /fix skill when a stall is detected, and it instructs the agent to execute user-selected actions immediately. Autonomous invocation alone is normal, but combined with the other concerns (repo/CI access, automatic fixes) it increases the potential impact if the /fix skill or the agent has broad permissions.
What to consider before installing
This skill is a plausible 'next action' suggester, but its instructions require reading repository/PR/CI state and can invoke a /fix skill that executes missing steps. Before installing or enabling it: 1) Ask the author for the /fix skill's code and for explicit details about required credentials (GitHub tokens, CI tokens, git/cli access). 2) Ensure the skill will ask for explicit confirmation before performing destructive actions (push, run scripts, create PRs). 3) Limit tokens/permissions to least privilege and prefer read-only tokens for suggestion/detection. 4) Test in a safe repository or sandbox first. 5) If you cannot review the /fix skill, treat this as higher-risk and avoid granting broad repo/CI credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dn47heqcmr5zhf6twrs1fnn85bh1f
67downloads
0stars
1versions
Updated 5d ago
v0.1.0
MIT-0
es6kr@drumrobot
latest
Download

Next Action Suggester

Topics

TopicDescriptionGuide
stall-detectDetect stalled follow-up steps and invoke /fixstall-detect.md

After task completion, use AskUserQuestion to suggest next steps and get user selection.

When to use

Automatically use after any task completion:

  • Code writing/modification complete
  • Configuration changes complete
  • File creation complete
  • Commit/push complete
  • Skill/agent creation complete
  • Bug fix complete

Instructions

Step 0: Stall Detection (mandatory)

Before suggesting next actions, run the stall-detect topic.

If stall detected → topic invokes /fix. If no stall → proceed to Step 1.

Step 1: Identify completed task type

Identify the type of task just completed.

Step 2: Use AskUserQuestion tool

Present next step options via AskUserQuestion:

AskUserQuestion({
  questions: [{
    question: "What would you like to do next?",
    header: "Next Action",
    multiSelect: true
    options: [
      { label: "Option 1", description: "Description" },
      { label: "Option 2", description: "Description" }
    ]
  }]
})

Step 3: Execute selected action

Immediately perform the action(s) user selected.

Suggestion Patterns

After code writing/modification

options: [
  { label: "Run tests", description: "Verify changes with test suite" },
  { label: "Commit", description: "Git commit the changes" }
]

After feature implementation

multiSelect: true,
options: [
  { label: "Write tests", description: "Add tests for new feature" },
  { label: "Document", description: "Update README or JSDoc" },
  { label: "Commit", description: "Git commit the changes" }
]

After bug fix

multiSelect: true,
options: [
  { label: "Add regression test", description: "Prevent bug recurrence" },
  { label: "Commit", description: "Git commit the fix" },
  { label: "Close issue", description: "Close related issue" }
]

After configuration change

options: [
  { label: "Verify", description: "Source or restart to apply settings" },
  { label: "Backup", description: "Backup config file" }
]

After commit

options: [
  { label: "Push", description: "Git push to remote" },
  { label: "Create PR", description: "Create Pull Request" }
]

After push

options: [
  { label: "Create PR", description: "Create Pull Request" },
  { label: "Check CI", description: "Verify pipeline status" }
]

After skill/agent creation

options: [
  { label: "Test", description: "Verify activation with trigger keywords" },
  { label: "Review integration", description: "Check for duplicates" }
]

After file creation

options: [
  { label: "Review content", description: "Verify created file" },
  { label: "Git add", description: "Stage with git add" }
]

After refactoring

multiSelect: true,
options: [
  { label: "Run tests", description: "Verify existing tests pass" },
  { label: "Check performance", description: "Run benchmarks (if applicable)" },
  { label: "Commit", description: "Commit refactoring" }
]

After complex workflow completion

multiSelect: true,
options: [
  { label: "Agentify", description: "Convert this workflow to an agent/skill" },
  { label: "Serena memory", description: "Save key learnings to Serena memory" }
]

After project exploration/research

multiSelect: true,
options: [
  { label: "Serena memory", description: "Store findings in project memory" },
  { label: "Document", description: "Update project documentation" }
]

Rules

  1. Always 2-4 options - AskUserQuestion limitation
  2. Be specific - "Run npm test" instead of just "Test"
  3. Context-based - Adjust based on project/situation
  4. Use multiSelect - When multiple actions can be done together
  5. Execute immediately - Perform action(s) right after user selection

Comments

Loading comments...