Agent Step Sequencer

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: agent-step-sequencer
Version: 1.1.0

The OpenClaw AgentSkills skill bundle 'agent-step-sequencer' is classified as benign. The code and documentation demonstrate a strong focus on security, explicitly implementing and testing robust controls against command injection (e.g., blocking shell interpreters and flags in `STEP_AGENT_CMD`, using `shell=False` in `subprocess.run`) and path traversal (validating `requiredOutputs` against the workspace root). The `SKILL.md` instructions guide the AI agent on multi-step task orchestration and transparent error handling, without any malicious prompt injection attempts. The `CHANGELOG.md` further confirms that OpenClaw security scan findings were addressed, reinforcing the skill's secure design.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Once you approve a plan, the skill can launch your configured agent for each step and let it act with that agent's normal permissions.

Why it was flagged

Each scheduled step is passed to a configured local agent command. That is the core purpose of the skill, but the command may have whatever authority the local agent has.

Skill content

```python
agent_cmd = get_agent_cmd() + [prompt]
...
subprocess.run(agent_cmd, capture_output=True, text=True, timeout=3600, shell=False)
```

Recommendation

Set STEP_AGENT_CMD only to a trusted agent command, review the generated plan before approval, and avoid using this scheduler for destructive or account-changing work unless you want that automation.

What this means

Approved tasks may keep running or retrying from local state even after the original session is interrupted.

Why it was flagged

The skill intentionally persists and resumes agent work through heartbeat invocations, so it can continue after a reset or between user interactions.

Skill content

> **Heartbeat** (e.g. every 5 min) also invokes the script ... If gateway resets mid-step, next heartbeat reads state and resumes correctly.

Recommendation

Wire the heartbeat only when you want this behavior, keep the state file under your control, and stop it by disabling the heartbeat or setting/removing the active state when the task is done.

What this means

If the state file is modified or contains sensitive text, future agent runs may be steered by that content or retain local snippets of private output.

Why it was flagged

The state file stores step instructions and snippets of agent output or errors that can be reused on later runs and retries.

Skill content

```python
instruction = step_def.get("instruction", "")
...
prompt = instruction
...
step_runs[step_id]["stdout"] = stdout[:500]
```

Recommendation

Store state.json only in trusted workspaces, avoid putting secrets in step instructions, and review state before running heartbeat-based tasks in shared directories.

What this means

Users have less external provenance information to verify the publisher, history, or upstream updates.

Why it was flagged

The registry metadata does not provide an upstream source or homepage for independent provenance checks, although the included code and install requirements are visible.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included files before installing and prefer installing from the trusted registry entry rather than copying from unknown locations.