Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workflow Orchestrator
v1.1.0
Chain skills into automated pipelines with conditional logic, error handling, and audit logging. Define workflows in YAML or JSON, then execute them hands-fr...
⭐ 1· 1.6k·11 current·12 all-time
by ArcSelf @trypto1019
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (workflow orchestration) align with the included Python script and required binary (python3). It legitimately needs to execute local skill scripts (e.g., scanner, gitops, audit) to implement pipelines.
Instruction Scope
SKILL.md promises variable substitution including environment variables ({env.VAR_NAME}) and shows commands with JSON payloads, braces, and other shell characters. The implementation explicitly blocks {env.*} substitutions and rejects many shell metacharacters (including '{', '}', '$', '`', '|', ';', etc.) after substitution. This is an inconsistency: the docs suggest richer substitution and shell-like commands, while the runtime forbids them — templates and examples in SKILL.md likely contain characters that will be blocked. The orchestrator can run arbitrary local commands (expected for its purpose) but that capability means workflows must be trusted and reviewed.
Install Mechanism
No install spec; single Python script included. Instruction-only / script bundle is low-install-risk. YAML support depends on PyYAML being present; otherwise only JSON workflows are supported.
Credentials
The skill declares no required environment variables (proportional). However, SKILL.md claims environment variable substitution is available while the code deliberately blocks access to {env.*} and also rejects '$' in commands. This mismatch is confusing and could lead operators to assume environment values will be used when they will not (or remain as literal placeholders).
Persistence & Privilege
Does not request persistent/always-on presence and does not modify other skills' config. It runs with the invoking user's privileges when executing commands (normal for an orchestrator), so workflows will have the same local access rights as the user.
What to consider before installing
This skill is plausible for automating local pipelines, but there are important inconsistencies to address before trusting it: (1) The SKILL.md says you can use {env.VAR_NAME}, but the code blocks env substitution — so environment values will not be injected as documented. (2) The script blocks many shell metacharacters (including '{','}','$', '|', ';', etc.), yet examples and templates include JSON blobs and other characters that will likely cause the orchestrator to 'BLOCK' those steps. (3) The orchestrator executes arbitrary local commands and other skill scripts under your user account — review any workflows and the target scripts (~/.openclaw/skills/...) for sensitive file reads or network calls before running. Recommended precautions: run with --dry-run first, inspect and test workflows and templates locally, verify PyYAML behavior if you use YAML workflows, and only point workflows at trusted skill scripts. If you need environment-variable substitution or JSON payloads in commands, either modify the orchestrator to safely support them or avoid using this skill until those mismatches are fixed.
Like a lobster shell, security has layers — review code before you run it.
latestvk973berdnbb4s9tk260xa0hrrd81ax2h
Runtime requirements
🔗 Clawdis
OS: macOS · Linux
Bins: python3
