Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workflow Engine
v1.0.0Structural parity skeleton for queue-driven orchestration in a workflow context.
⭐ 0· 1.1k·14 current·16 all-time
byPedro Gonzalez@plgonzalezrx8
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match the instructions: this is a skeleton workflow/queue orchestrator that reads/writes local queue and ops files. However, the SKILL.md includes installation steps (./install-hooks.sh, openclaw hooks enable) that imply additional artifacts or system changes that are not present in the package. That mismatch is noteworthy but could be legitimate if install artifacts are distributed separately.
Instruction Scope
Runtime instructions direct the agent to read and persist local files (ops/*, ops/queue/*) which is consistent with a queue orchestrator. But the SKILL.md also instructs running an install script and invoking openclaw hooks enable commands that will modify agent hooks/configuration; those steps are outside the normal read/operate-on-queue scope and could change agent behaviour. The skill permits use of Bash as an allowed tool while also claiming 'Never: execute arbitrary shell from user-provided strings' — that is a useful safety constraint but still leaves room for shell actions. The skill itself does not include the install script or hook definitions to audit.
Install Mechanism
There is no formal install spec (lowest install risk). However, the SKILL.md provides manual install instructions that reference './install-hooks.sh' and 'openclaw hooks enable'—neither file nor script is included. The absence of provided install artifacts means a user would need to obtain or run external scripts whose contents are unknown.
Credentials
The skill declares no required environment variables, binaries, or config paths. The requested scope of access (reading ops/ and queue files) is proportional to the stated purpose.
Persistence & Privilege
The skill does not force persistent inclusion (always:false), which is good. But its installation guidance explicitly tells operators to enable hooks via 'openclaw hooks enable', which would modify agent-level hook configuration (i.e., system/other-skills behavior). Instructions that change hook configuration are a persistence/privilege concern because they alter agent behavior beyond the skill's own runtime, and the skill package doesn't include the artifacts to inspect before making those changes.
What to consider before installing
This is an instruction-only skeleton that reads/writes local 'ops' and queue files and otherwise behaves as a deterministic orchestrator. Things to consider before installing or running anything: 1) The package contains no install scripts or hook definitions, yet the README tells you to run './install-hooks.sh' and 'openclaw hooks enable' — do not run unknown install scripts; obtain and inspect them first. 2) Enabling hooks modifies agent-wide behavior; only enable them if you trust the source and understand what each hook does. 3) Review any local ops/queue files for secrets before letting the skill read them, and consider running in an isolated/test agent to observe effects. 4) If you need more assurance, ask the publisher for the missing install artifacts, source repository, or a signed release before enabling hooks in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97079xxhnt6mxbpag7pjr5n0n81fwh9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.