ClawHub

Pi Workflow Orchestration

v1.1.1

Workflow orchestration for Pi's task management, self-improvement, and code quality standards. Use when starting new projects, managing multi-step tasks (3+...

0· 489·2 current·2 all-time
by@kai-tw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to provide workflow orchestration, self-improvement loops, and bootstrap reminders; included files (SKILL.md, hook handlers, docs, and a sync script) implement exactly that. Required env, binaries, and config paths are empty, matching the stated purpose.
Instruction Scope
SKILL.md instructs the agent to write and maintain files under tasks/ (todo.md, lessons.md, errors.md, feature_requests.md) and to run the provided sync script to merge workspace lessons into the skill repo. The hook handlers only inject a virtual bootstrap file into session context. There are no instructions to read or exfiltrate secrets, access unrelated system config, or call external endpoints.
Install Mechanism
No install spec is provided (instruction-only with optional local hook files). The included hook files are local code (handler.js/ts) and a Python sync script; nothing is downloaded from external URLs during install. This is proportionate to the functionality.
Credentials
The skill does not request environment variables, API keys, or credentials. The sync script reads from a workspace path (default ~/.openclaw/workspace) and writes to the skill's references/lessons.md — this file-system access is consistent with the documented purpose.
Persistence & Privilege
The hook injects a virtual reminder on agent bootstrap (in-memory) and the repository suggests copying the hook into ~/.openclaw/hooks to enable it. The skill is not set always:true and does not autonomously add persistent credentials; however enabling the hook (manual or via ClawHub) will cause bootstrap reminders each session — this is expected but worth noting before enabling.
Assessment
This skill appears to do exactly what it says: provide planning templates, capture lessons, and optionally inject a session-start reminder. Before enabling/installing: 1) Review handler.js/handler.ts (they are short and only inject a virtual file) and confirm you are comfortable copying the hook into ~/.openclaw/hooks; 2) If you plan to run scripts/sync_lessons.py, use the --dry-run first to confirm it reads the correct workspace path (~/.openclaw/workspace by default) and that you’re ok with it updating references/lessons.md in the skill repo; 3) Be cautious if you edit the handler to add links — pointing to internal URLs is fine but avoid adding network calls or secret embeddings; 4) If you prefer no automatic reminders, keep the hook disabled (openclaw hooks enable/disable is documented). Overall the files are coherent with the stated purpose and do not request unrelated privileges or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk978j9ctydy3e51seny5787tr981wcc0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments