ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Antfarm Workflows

Multi-agent workflow orchestration for OpenClaw. Use when user mentions antfarm, asks to run a multi-step workflow (feature dev, bug fix, security audit), or...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 622 · 19 current installs · 20 all-time installs
byYonghao Zhao@YonghaoZhao722
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to orchestrate multi-agent workflows via a local CLI at ~/.openclaw/workspace/antfarm/dist/cli/cli.js (invoked with node). Yet the registry metadata lists no required binaries or config paths and the package includes no code or install step. Requiring a Node runtime and an on-disk workspace is expected for this functionality, but those prerequisites are not declared.
!
Instruction Scope
SKILL.md instructs the agent to run commands that manage cron jobs, read/write a shared SQLite DB and operate on files in the user's home (~/.openclaw). It also references a separate 'cron' tool and starting a dashboard (opening a port). Those actions touch system state outside a narrow, read-only query scope and are not declared in the skill metadata.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself. However, the instructions assume pre-existing on-disk code under ~/.openclaw/workspace/antfarm; because no code or install step is provided, the skill either expects external setup or will instruct the agent to run commands that don’t exist locally — an incoherence worth clarifying.
!
Credentials
The skill declares no environment variables or credentials, but runtime behavior requires access to the user's home directory, crontab, and a local SQLite DB. Those are sensitive resources; the absence of declared config paths or required binaries (e.g., node) is disproportionate to the metadata and could lead to unexpected file/cron/database modifications.
Persistence & Privilege
always:false and normal model invocation settings are appropriate. The skill does not request forced-permanent inclusion. The primary concern is not privilege flags but the fact that its instructions manipulate system crons and files if executed.
What to consider before installing
This skill's instructions expect a local Node CLI at ~/.openclaw/workspace/antfarm and will create/manage cron jobs, a SQLite DB, and a dashboard — but the skill bundle includes no code and does not declare Node or those config paths. Before installing or invoking: 1) ask the publisher for the source repository or release tarball so you can review the actual code; 2) verify whether ~/.openclaw/workspace/antfarm exists and inspect its contents; 3) ensure you trust any install/uninstall commands (they may delete DBs or create cron jobs); 4) confirm who/what will run the dashboard and whether it will open network ports; and 5) if you do not have or do not want automatic crontab/DB changes, do not run the install/uninstall or force-trigger commands. The current mismatch between metadata and runtime instructions is concerning and should be resolved before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk970gytrs8c5bztsbdecrkhdx581f83q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Antfarm

Multi-agent workflow pipelines on OpenClaw. Each workflow is a sequence of specialized agents (planner, developer, verifier, tester, reviewer) that execute autonomously via cron jobs polling a shared SQLite database.

All CLI commands use the full path to avoid PATH issues:

node ~/.openclaw/workspace/antfarm/dist/cli/cli.js <command>

Shorthand used below: antfarm-cli means node ~/.openclaw/workspace/antfarm/dist/cli/cli.js.

Workflows

WorkflowPipelineUse for
feature-devplan -> setup -> develop (stories) -> verify -> test -> PR -> reviewNew features, refactors
bug-fixtriage -> investigate -> setup -> fix -> verify -> PRBug reports with reproduction steps
security-auditscan -> prioritize -> setup -> fix -> verify -> test -> PRCodebase security review

Core Commands

# Install all workflows (creates agents + starts dashboard)
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js install

# Full uninstall (workflows, agents, crons, DB, dashboard)
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js uninstall [--force]

# Start a run
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow run <workflow-id> "<detailed task with acceptance criteria>"

# Check a run
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow status "<task or run-id prefix>"

# List all runs
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow runs

# Resume a failed run from the failed step
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow resume <run-id>

# View logs
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js logs [lines]

# Dashboard
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js dashboard [start] [--port N]
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js dashboard stop

Before Starting a Run

The task string is the contract between you and the agents. A vague task produces bad results.

Always include in the task string:

  1. What to build/fix (specific, not vague)
  2. Key technical details and constraints
  3. Acceptance criteria (checkboxes)

Get the user to confirm the plan and acceptance criteria before running.

How It Works

  • Agents have cron jobs (every 15 min, staggered) that poll for pending steps
  • Each agent claims its step, does the work, marks it done, advancing the next step
  • Context passes between steps via KEY: value pairs in agent output
  • No central orchestrator — agents are autonomous

Force-Triggering Agents

To skip the 15-min cron wait, use the cron tool with action: "run" and the agent's job ID. List crons to find them — they're named antfarm/<workflow-id>/<agent-id>.

Workflow Management

# List available workflows
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow list

# Install/uninstall individual workflows
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow install <name>
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow uninstall <name>
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow uninstall --all [--force]

Creating Custom Workflows

See {baseDir}/../../docs/creating-workflows.md for the full guide on writing workflow YAML, agent workspaces, step templates, and verification loops.

Agent Step Operations (used by agent cron jobs, not typically manual)

node ~/.openclaw/workspace/antfarm/dist/cli/cli.js step claim <agent-id>        # Claim pending step
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js step complete <step-id>      # Complete step (output from stdin)
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js step fail <step-id> <error>  # Fail step with retry
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js step stories <run-id>        # List stories for a run

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…