Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Comanda
v1.0.2
Generate, visualize, and execute declarative AI pipelines using the comanda CLI. Use when creating LLM workflows from natural language, viewing workflow charts, editing YAML workflow files, or processing/running comanda workflows. Supports multi-model orchestration (OpenAI, Anthropic, Google, Ollama, Claude Code, Gemini CLI, Codex).
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the SKILL.md and WORKFLOW-SPEC: this is a user-facing guide for the comanda CLI to generate/visualize/execute YAML workflows that chain LLMs. The skill is instruction-only and therefore does not itself request credentials or binaries; that is consistent because the CLI (installed separately by the user) is what requires API keys.
Instruction Scope
The instructions show workflows reading local files, referencing environment variables, fetching URLs, running shell loops, and using 'agentic' models that can execute commands and edit the filesystem. This is plausible for a workflow engine, but it widens the scope: workflows can access local files and env vars and execute commands, so untrusted workflows could exfiltrate data or run arbitrary commands. The SKILL.md does not itself instruct the platform agent to read unrelated host files, but it documents that comanda workflows can.
Install Mechanism
There is no install spec in the skill (instruction-only). The SKILL.md suggests installing via Homebrew or 'go install' — both are conventional release methods. No downloaded, opaque artifacts are included in the skill bundle.
Credentials
The skill declares no required env vars (reasonable for an instruction-only skill). However, it instructs users to 'comanda configure' to set provider API keys and documents that workflows can reference arbitrary environment variables. That means sensitive credentials will be managed outside this skill by the external CLI; users should expect to supply provider keys locally and be aware that workflows may read environment variables.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and allows model invocation (the platform default). It does not request persistent system-wide configuration or modify other skills. Autonomous invocation is allowed by default but not combined with 'always:true' or other elevated privileges.
Assessment
This skill is an instruction-only integration for the comanda CLI and is coherent with that purpose. Before using it: (1) Only install the actual comanda binary from trusted sources (brew or the official repo); verify the GitHub repo and release signatures if possible. (2) Inspect any workflow YAML before running it — workflows can read files, environment variables, fetch URLs, and invoke agentic models that may run shell commands. Do not run untrusted workflows on sensitive hosts or with credentials in your environment. (3) When configuring provider API keys, follow least-privilege practices and prefer separate keys/accounts for automation. (4) If you want the skill to run autonomously, be extra cautious because workflows could be crafted to access local secrets or exfiltrate data. If you need, ask the publisher for provenance (official homepage/repo tags) to increase confidence.