Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workflow Optimizer
v0.1.1
Use this skill when optimizing AI workflows and skill orchestration. Provides workflow analysis, bottleneck identification, performance optimization recommen...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The SKILL.md describes importing data from task tools (Trello/Jira), automatic execution of optimizations, reading skill-invocation logs, and rollbacks — all of which normally require API credentials, config paths, or code that can modify workflows. Registry metadata lists no required env vars, no config paths, and no binaries. That mismatch (declared zero privileges but described capabilities that need privileges) is incoherent.
Instruction Scope
The runtime instructions declare tools including Bash and Exec (ability to run shell commands) and promise automated optimization and execution/rollback of workflow changes. SKILL.md also refers to integrating with external services and tracking invocation logs. Although the file does not include explicit malicious commands, the instruction set gives broad ability to read/write and execute — broader than the declared minimal requirements — creating scope creep and risk.
Install Mechanism
There is no install spec and no code files (instruction-only), which is lower-risk in isolation. However package.json is present and points to a main file (src/index.js) that is not included; that inconsistency is odd and worth asking about (is there hidden runtime code or missing files?).
Credentials
SKILL.md describes integrations (task management APIs, sending to team channels, reading invocation logs) that would require tokens/credentials and possibly access to agent logs/config, but requires.env and primary credential are empty. The skill also lists Read/Write/Bash/Exec tools without declaring what files or paths it needs. Required secrets are absent from metadata — disproportionate and unclear.
Persistence & Privilege
always:false (good). Autonomous invocation is allowed (platform default); combined with declared Exec/Bash capability and the skill's promise to perform automated changes, this increases blast radius if the agent is allowed to run it autonomously. The skill does not request persistent installation, but its claimed ability to edit workflows/perform rollbacks implies it would need write permissions somewhere — none are declared.
What to consider before installing
Do not install this into production or grant it broad autonomous access until the author clarifies several items:
1) exactly which external APIs/services it will call (Trello/Jira/others) and the names of env vars/tokens required;
2) what filesystem or agent logs it needs to read/write and the exact config paths;
3) whether there is runtime code (src/index.js) and, if so, provide the source for review;
4) what commands it will run when using Bash/Exec and what actions 'automated optimization execution' will perform (specifically whether it will modify other skills or system configs);
5) whether you can limit it to a sandbox or give it least-privilege credentials and disable autonomous invocation.
If you proceed, require least-privilege API keys, test in an isolated environment, and request source code or a reproducible private deployment so you can audit the behavior before granting wider access.
