Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FlowForge
v1.0.0Run structured multi-step workflows via FlowForge engine. Use when user requests step-by-step execution, structured workflows, or when a task needs enforced...
⭐ 0· 68·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a FlowForge workflow runner and expects a FlowForge CLI (npm package @kagura-agent/flowforge). That purpose matches the instructions (list/start/status/next/log, local workflows), however the skill's registry metadata did not declare the CLI or any required binaries — a discrepancy that should have been declared. Otherwise requested capabilities (local file access, ~/.flowforge DB) align with the stated purpose.
Instruction Scope
The SKILL.md instructs the agent to run arbitrary FlowForge CLI commands and to execute node 'task' text (which can include reading files, running tests, making PRs, etc.) — expected for a runner. More concerning: a 'self-updating rule' tells the agent to edit this SKILL.md (add intent→workflow mappings and update YAML frontmatter) and the setup suggests editing AGENTS.md/CLAUDE.md. That instructs the agent to modify the installed skill and workspace agent-steering files, which is scope creep and increases risk (persisted changes to activation behavior).
Install Mechanism
There is no formal install spec in the registry (instruction-only). setup.md tells users to install the CLI via `npm install -g @kagura-agent/flowforge`. An npm global install is a moderate-risk action if the package origin and contents are not verified; the skill itself does not bundle or declare the CLI dependency in metadata.
Credentials
The skill requests no environment variables or external credentials. It does write to and read from local/workspace paths (~/.flowforge, ./workflows, workflows/), which is appropriate for a local workflow engine. No unrelated secrets or service tokens are requested.
Persistence & Privilege
The skill does not set always:true, but it explicitly instructs agents to persist mappings by editing SKILL.md frontmatter and to add steering entries to AGENTS.md, which effectively increases future activation and persistence. Directing autonomous edits to the skill's own files and agent steering docs is a notable privilege escalation (ability to change how/when the skill is invoked).
What to consider before installing
This skill looks coherent for running local, multi-step workflows, but exercise caution before installing and letting an agent run it autonomously. Specific recommendations:
- Verify the FlowForge CLI package (@kagura-agent/flowforge) on npm (author, source repo, code) before running `npm install -g`.
- Do not grant an agent blanket write permission to installed skill files or workspace agent-steering docs if you are uncomfortable with autonomous edits; consider removing or disabling the 'self-updating' rule and instead maintain intent→workflow mappings manually.
- Run the CLI in a controlled/sandboxed account (non-root) and review ~/.flowforge contents; back up or isolate any sensitive data before use.
- Audit any workflows you add or accept to ensure they don't instruct the agent to exfiltrate secrets or perform network operations you didn't intend.
- Ask the publisher (or inspect source) to update registry metadata to declare the required CLI/binaries explicitly so dependency expectations are clear.
If you want to proceed safely: install the CLI only after review, disable automatic edits to SKILL.md/AGENTS.md, and test the flowforge CLI locally without giving agents automatic permission to modify skill files.Like a lobster shell, security has layers — review code before you run it.
latestvk9794k34d3mw9yanqhv2aste9x83wxk3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.