MCP Workflow

Workflow automation using MCP (Model Context Protocol) patterns inspired by Jason Zhou

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 494 · 3 current installs · 3 all-time installs

by@slemo54

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill claims to provide MCP workflow automation (prompt chains, resource embedding, cross-server orchestration) and the included server/script files implement those capabilities. However there are incoherences: SKILL.md and templates reference integrations (e.g., 'config://', 'notion', 'email', 'git://', 'github://', 'linear://') that the server and shell script do not fully implement, and the metadata declares no required binaries even though the runtime clearly needs node and jq. These gaps make it unclear which features are actually supported and why certain resource types are listed.

Instruction Scope

Runtime instructions tell the agent/user to run node scripts/mcp-server.js and the shell workflow engine. The server implements memory://, template:// and file:// resources and the shell script reads and writes local files and a .mcp workspace. The server's file:// handler reads arbitrary file paths without sanitization, meaning workflows or prompts that reference file:// can access any file the agent process can read — this is coherent with 'resource embedding' but is high-risk in practice. Also SKILL.md lists config:// resources and describes config at ~/.openclaw/mcp-workflow.json, but the server's ReadResource handler does not implement config:// reading and the server does not read the ~/.openclaw config as described — a direct mismatch between instructions and code.

✓

Install Mechanism

There is no external install spec or network download; the skill is instruction-plus-local-scripts only. No remote archives or installers are fetched by the skill itself, which reduces supply-chain risk. However the code depends on local runtime binaries (node, jq) that are not declared in the registry metadata.

Credentials

The registry lists no required environment variables, but the code reads environment variables (e.g., process.env.WORKFLOWS_DIR and the shell script respects MCP_DIR). The shell script and server will read and write files on disk (templates, workflows, .mcp, .mcp-memory.json), but those file-access patterns are not called out in the registry metadata. The skill does not request cloud credentials, which is appropriate, but the lack of declared runtime requirements (node, jq, file-path access) is an unexplained omission.

ℹ

Persistence & Privilege

always:false (good). The skill writes local state (memory files like .mcp/.workflow-memory.json and templates/workflows in the working directory) and creates an MCP workspace when initialized. It does not request system-wide configuration changes or claim elevated privileges, but it will persist data to disk within the user's project or current directory and can read arbitrary files via file:// URIs.

What to consider before installing

Before installing or running this skill: - Expect to need Node.js and the jq CLI (the scripts call node and jq, but the registry metadata does not declare them). - Review the two included scripts (scripts/mcp-server.js and scripts/workflow-engine.sh) yourself — they read and write files and will read any path given via file:// URIs. Do not run them against sensitive directories or as root. - The server can return arbitrary local files (file://{path}) to workflows; if you run the skill inside an agent with access to your home or project files, workflows or templates could leak data. Consider running inside a sandbox/container with limited filesystem scope. - The SKILL.md mentions config:// and an OpenClaw config at ~/.openclaw/mcp-workflow.json, but the server code does not implement config:// reads nor automatically load that path — verify configuration behavior matches your expectations before relying on it. - If you need integrations (email, Notion, Git providers) verify whether those are actually implemented or whether templates merely reference them. Don’t provide credentials unless you confirm the code will use them only for the intended integrations. - If you’re unsure, run the code in an isolated environment, or ask the skill author for clarification about required binaries, which resource types are implemented, and where the skill will read/write data.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97952gytcpsdvbbar9vzbsb4x81h88s

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

MCP Workflow Skill

Quick Reference

# Start MCP Server
node scripts/mcp-server.js

# Run a workflow
./scripts/workflow-engine.sh run <workflow-name> [--input <json>]

# List available workflows
./scripts/workflow-engine.sh list

# Create new workflow from template
./scripts/workflow-engine.sh create <name> --from <template>

# Validate workflow
./scripts/workflow-engine.sh validate <workflow-file>

Overview

This skill implements workflow automation using the Model Context Protocol (MCP), enabling:

Prompt Chains: Multi-step prompt sequences
Dynamic Workflows: Context-aware adaptation
Resource Integration: File/data embedding
Cross-Server Coordination: Multi-MCP orchestration

Workflow Patterns

1. Prompt Chain Pattern

plan → generate → execute → validate

2. Dynamic Prompt Pattern

context → adapt → generate → output

3. Resource Embedding Pattern

resource://{type}/{id} → load → embed → process

4. External Trigger Pattern

trigger → validate → dispatch → execute

Built-in Templates

Template	Description	Use Case
`meal-planner`	Weekly meal planning	Nutrition, shopping lists
`code-review`	Automated code review	PR analysis, quality checks
`weekly-report`	Status report generation	Team updates, metrics
`documentation-generator`	Doc generation	API docs, changelogs

MCP Server Features

Resources

file://{path} - File system access
memory://{key} - Memory storage
config://{section} - Configuration values

Tools

workflow.run - Execute workflow
workflow.list - List workflows
workflow.validate - Validate workflow JSON
prompt.render - Render prompt template

Prompts

chain:plan - Planning prompt
chain:generate - Generation prompt
chain:review - Review prompt

Example Usage

Meal Planner Workflow

./scripts/workflow-engine.sh run meal-planner \
  --input '{"diet":"vegetarian","days":7,"budget":50}'

Code Review Workflow

./scripts/workflow-engine.sh run code-review \
  --input '{"repo":"myapp","pr":123}'

Weekly Report

./scripts/workflow-engine.sh run weekly-report \
  --input '{"project":"dashboard","week":"2024-W01"}'

Best Practices

1. Workflow Design

Keep steps atomic and focused
Use clear input/output contracts
Implement error handling at each step
Version your workflows

2. Prompt Engineering

Use system prompts for context
Provide examples in few-shot prompts
Chain prompts for complex tasks
Validate outputs before next step

3. Resource Management

Use URI patterns consistently
Cache frequently accessed resources
Clean up temporary resources
Document resource schemas

4. Cross-Server Coordination

Define clear interfaces between servers
Use standardized message formats
Implement health checks
Handle timeouts gracefully

Configuration

Create ~/.openclaw/mcp-workflow.json:

{
  "servers": [
    {
      "name": "local",
      "command": "node scripts/mcp-server.js",
      "env": {}
    }
  ],
  "workflowsDir": "./workflows",
  "templatesDir": "./scripts/templates",
  "defaultTimeout": 30000
}

Integration with OpenClaw

Use in your OpenClaw session:

# Load the skill
openclaw skill load mcp-workflow

# Run workflow
openclaw workflow run meal-planner --input '{"days":5}'

References

Files

10 total

Select a file

Select a file to preview.

Comments

Loading comments…