Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bytesagain Workflow Builder
v1.0.3Create and run multi-step shell workflows with status tracking. Use when automating deployment sequences, chaining build steps, running CI pipelines locally,...
⭐ 0· 53·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (multi-step shell workflows) aligns with the included script: it creates, stores, lists, runs, and exports workflows saved under $HOME/.bytesagain-workflows. Declared requirements (bash, python3) are consistent with the implementation.
Instruction Scope
SKILL.md documents a CLI (bytesagain-workflow-builder) and usage that matches script behavior. However, there is no install spec that places the script on PATH — the repo includes scripts/script.sh which implements the CLI, but the SKILL instructs use of a command name without describing installation. The runtime instructions and the script do not access unrelated files, credentials, or external endpoints.
Install Mechanism
No install spec (instruction-only) — lowest-risk model. The repository includes a script file but there is no download-from-URL or package install step. No archives or external installers were used.
Credentials
The skill requests no environment variables or credentials. The script writes to a per-user directory ($HOME/.bytesagain-workflows) which is proportionate to its function. There are no unexpected credential names or config paths requested.
Persistence & Privilege
always:false and no special privileges requested. The skill persists only per-user workflow JSON under $HOME and does not modify other skills or system-wide configuration.
Assessment
This skill appears coherent and implements a local workflow runner that executes whatever shell commands you add. Important things to consider before installing/using: (1) The included script stores workflow JSON in $HOME/.bytesagain-workflows and logs up to ~200 characters of each step's stdout/stderr — don't add commands that print secrets you don't want persisted. (2) Steps are executed via the shell (subprocess.run with shell=True) so only add trusted commands; malicious or poorly written commands can modify your system or exfiltrate data. (3) There is no install spec to put a 'bytesagain-workflow-builder' binary on your PATH — you may need to inspect scripts/script.sh and decide how to install or invoke it safely (e.g., review the script, place it in a controlled path, or run it explicitly). (4) Sample templates include actions like rsync, docker push, and kubectl which can interact with remote systems — review credentials/targets before running. If you want higher assurance, review the script source locally, run commands in a sandbox/container, or add stricter output handling and step timeouts.Like a lobster shell, security has layers — review code before you run it.
latestvk97f6wyvrvj29qxx7kzad5dkwh83tb42
License
MIT-0
Free to use, modify, and redistribute. No attribution required.