Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FlowForge Workflow Engine
v1.1.0Run structured multi-step workflows via FlowForge engine. Use when user requests step-by-step execution, structured workflows, or when a task needs enforced...
⭐ 0· 45·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (FlowForge Workflow Engine) align with the SKILL.md (instructions for running YAML-defined workflows). However the registry metadata claims no required binaries while the runtime docs explicitly require a 'flowforge' CLI — that mismatch suggests the manifest is incomplete. Also the skill references an npm package (@kagura-agent/flowforge) in setup.md; that is plausible for this purpose but the package/owner are not declared in registry metadata or linked by homepage/source.
Instruction Scope
The SKILL.md stays on-topic: it instructs the agent to call the flowforge CLI, follow action types, spawn sub-agents for 'subagent' nodes, advance state, and manage workflows. It does not instruct reading unrelated system files or exfiltrating environment variables. It does reference the FlowForge DB location (~/.flowforge/flowforge.db) and CLI commands, which is expected for a local workflow engine.
Install Mechanism
There is no install spec in the skill bundle, but setup.md instructs installing an npm package globally (npm install -g @kagura-agent/flowforge). Installing an external npm package is a moderate risk: the package origin and contents are not linked in the skill metadata (no homepage/source). The use of a global npm install and advice around altering npm global prefix or using sudo are operationally risky and should be verified before running.
Credentials
The skill declares no required env vars or credentials (consistent with a local CLI tool). It does expect a CLI binary on PATH and will create/use a local DB at ~/.flowforge/flowforge.db. That local filesystem access is proportionate for a workflow engine, but the skill does not explicitly limit what workflows might request — workflows themselves can contain arbitrary tasks, so you should audit workflow YAMLs for requests that would touch credentials, network, or other sensitive resources.
Persistence & Privilege
The skill is not always-enabled and does not request special agent-wide privileges. It instructs use of a local DB (~/.flowforge) and persistent workflow files in a workspace 'workflows/' directory, which is consistent with its purpose. The instruction to remove ~/.flowforge to reset state is potentially destructive (expected for a reset operation) and should be used cautiously.
What to consider before installing
This skill appears to be a coherent workflow-runner, but take these precautions before installing or using it:
- Verify the FlowForge CLI package (@kagura-agent/flowforge) before running npm install: inspect the package on the npm registry or its source repository (README, code, publish history). The skill bundle does not include a homepage or source link.
- Because the SKILL.md requires a 'flowforge' CLI but the manifest lists no required binary, confirm that the CLI is installed and trustworthy. Prefer installing in a controlled environment (container or VM) first.
- Audit any workflow YAMLs you add to workflows/ — workflows contain free-text 'task' fields that the agent will act on; malicious or careless tasks can cause the agent to perform unwanted actions or handle secrets. Never run untrusted workflow files in a privileged environment.
- Confirm your agent runtime supports the sessions_spawn API the skill expects (the SKILL.md instructs spawning sub-agents). If the platform doesn't support that, follow a safe fallback policy rather than allowing arbitrary command execution.
- Note the local DB path (~/.flowforge/flowforge.db) and reset command (rm -rf ~/.flowforge) are destructive; back up data if needed and avoid blindly following destructive commands.
If you want higher assurance, ask the publisher for the FlowForge CLI source repository or package tarball so you can review the code (network calls, telemetry, privileged operations) before installing. If you cannot verify the CLI/package origin, treat the npm install as a higher-risk operation and run it in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
latestvk9730dxfw3rtg1c1b5zfm2vx2x83zz6h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.