ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workflows

Playbook for authoring, running, evaluating, and improving Gina sandbox workflows with safe defaults and repeatable operations.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 477 · 4 current installs · 4 all-time installs
byAsk Gina@askginadotai
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (workflow authoring, running, evaluating) match the content: CLI commands, workflow file locations, run artifacts, and evaluation/optimize loop are all directly relevant. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The SKILL.md and references describe workflow step types that include powerful runtime primitives (exec, fs.promises.*, kv.*, sql, callTool). This is expected for a workflow engine because steps must run shell commands, read/write files, and use KV/SQL. Because the playbook instructs authors/operators to scaffold/open workflows in /workspace/.harness/workflows and to validate/run them, you should review workflow code before executing runs—steps can execute arbitrary host commands and access files.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk. Low installation risk.
Credentials
No environment variables, credentials, or config paths are requested. The playbook explicitly advises least-privilege and not including secrets in logs or skill text.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and is user-invocable only. No long-lived privileges or autonomous persistence are requested.
Assessment
This is a coherent operations playbook for creating and running sandbox workflows. It does describe and rely on workflow step capabilities that can execute shell commands, read and write files, and access KV/SQL; those are normal for a workflow system but mean you should never run unreviewed workflows. Before installing/using: (1) Confirm the 'workflow' CLI/runtime you will call is the expected/trusted tool on your system, (2) review any .ts workflow definitions in /workspace/.harness/workflows for untrusted exec/fs/kv usage, (3) keep secrets out of workflow code and logs, and (4) require explicit permission scopes and least privilege for any steps that perform writes or external actions.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk97bcqx055gt14fhtdt8xhcerh81q847

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Workflows via Ask Gina Skill

What It Does

Provides a practical workflow-authoring and operations standard for Gina sandbox automation.

  • Creates and validates workflow definitions.
  • Runs workflows and inspects artifacts/logs.
  • Applies a repeatable eval -> optimize -> compare loop.
  • Uses safe TypeScript/SQL/KV patterns for step logic.

When To Use

  • You are creating or maintaining multi-step workflow orchestration.
  • You need reproducible debugging from run artifacts.
  • You want measurable improvements using baseline comparisons.

When Not To Use

  • The task is a single action with no orchestration requirement.
  • You only need high-level strategy language without runnable steps.
  • You cannot provide explicit permissions or side effects.

Inputs

  • Workflow intent and success criteria.
  • Trigger definition and input schema.
  • Required tools/data sources and permission scope.
  • Optional baseline run ID for optimization.

Outputs

  • Validated workflow definition (.ts).
  • Runnable execution with traceable artifacts.
  • Evaluation record with baseline comparison.
  • Clear rollback path for regressions.

Core Commands

workflow create <id>
workflow validate <id>
workflow run <id> [--input JSON]
workflow status <run-id>
workflow logs <run-id> [--step <step-id>]
workflow eval <run-id>
workflow optimize <id> --baseline <run-id>
workflow rollback <id> <opt-run-id>

Setup

  1. Confirm workflow tooling is available (workflow list should succeed).
  2. Scaffold or open the target workflow in /workspace/.harness/workflows/.
  3. Keep active versions on @latest.ts naming when versioned variants exist.
  4. Validate before every run: workflow validate <id>.
  5. For risky changes, capture a baseline run and eval before editing.

Capability Contract Checklist

For each workflow entry, explicitly define:

  • Trigger.
  • Inputs.
  • Outputs.
  • Side effects.
  • Failure modes.
  • Permission scope.

Failure Modes

  • Validation failure from malformed step definitions.
  • Runtime errors in TS/SQL/Bash steps.
  • Missing tool permissions or tool availability.
  • Data shape changes causing parse/cast failures.
  • Timeout/retry exhaustion in external calls.

Security And Permissions

  • Use least privilege by step using allow and block.
  • Declare permissions in the submission contract (no wildcard permissions).
  • Never include raw secrets in skill text, logs, or examples.
  • Treat writes (files, KV, external posts, trading actions) as explicit side effects.

Evidence Expectations

  • Setup path that a reviewer can execute in under 10 minutes.
  • One reproducible run artifact or run log example.
  • Clear statement of expected outputs and acceptable failure behavior.

Optional Directories

workflows/
  SKILL.md
  references/   # implementation and API details
  scripts/      # optional helpers for repeatable checks
  assets/       # optional diagrams/screenshots

Reference Material

Deep technical references are intentionally split out:

  • references/cli-and-definition.md
  • references/eval-optimize-and-artifacts.md
  • references/polymarket-patterns.md

Use these as appendices while keeping this file focused on operational usage.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…