Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Workflow Enforcer
v1.0.0让 AI Agent 的执行流程稳定可控。 通过 Gate 门禁、强制输出格式、Style Context 持久化, 把"建议"变成"必须",解决 Agent 选择性执行的问题。
⭐ 0· 343·0 current·0 all-time
by@jzocb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (enforcing agent workflows with gates, output format, and style persistence) match the included gate.py and the SKILL.md instructions. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md instructs the agent to run several scripts (gate.py, create_style_context.py, detect_learning.py) and to add enforced blocks to AGENTS.md/system prompts. Only gate.py is present in the package; create_style_context.py and detect_learning.py are referenced but not included. The instructions also ask agents to read/write local files (style-context.yaml, learnings.jsonl) and to modify AGENTS.md/system prompts — these actions are expected for the stated purpose but you should confirm the missing scripts and file-write behavior before use.
Install Mechanism
No install spec is provided and the skill is instruction-first with one small Python script. Nothing is downloaded or installed by the package itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The gate.py script only prints checklists and does not read secrets or network resources.
Persistence & Privilege
Flags show always=false and the skill is user-invocable; it does not request permanent agent presence. The SKILL.md recommends editing AGENTS.md / system prompts, which is a user action and not a stealthy privilege request.
What to consider before installing
This skill appears to do what it says: gate checks and enforcing output-format conventions. However:
- SKILL.md references create_style_context.py and detect_learning.py but only scripts/gate.py is included. Ask the publisher for the missing scripts or inspect them before running anything that would create or learn from files.
- The homepage/source points to an example GitHub URL (github.com/example/...), and the package author is anonymous; prefer code from a real, trusted repo or request provenance.
- The gate script itself is harmless (prints checklists) but the missing scripts could perform file writes or network activity — validate their contents and run in a sandbox first.
Practical next steps before installing/using:
1. Request the full repository or the missing script files and review them for file I/O and network calls.
2. Test locally in an isolated environment (or container) to observe any file writes (style-context.yaml, learnings.jsonl) and ensure no unexpected network requests occur.
3. If you will add the suggested snippets to AGENTS.md or system prompts, do so intentionally and keep backups of existing prompts/configs.
If you can't obtain the missing scripts and provenance, treat the package as incomplete and avoid running anything that would modify agent/system files.Like a lobster shell, security has layers — review code before you run it.
latestvk977bkhhcdgrqe6xc4etb27ey5822esr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.