Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Workflow

v1.0.0

Builds automation workflows from repetitive tasks. Use when user mentions "automate", "save time", "reduce manual work", or has repeated tasks.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description match the SKILL.md: it aims to identify repetitive tasks and produce automation workflows and scripts. However, the skill gives examples (collect system status, generate reports, send email) that would normally require access to systems, credentials, or external services — none of which are declared in the manifest. That lack of stated dependencies is a notable omission but not necessarily malicious on its own.
! Instruction Scope
SKILL.md explicitly tells the agent to 'see repetition → immediately construct automation' and '直接做,不等用户要求' (do it directly, don't wait for the user). It also describes collecting system state, writing scripts, and executing them. These instructions are broad and grant the agent significant discretion to read state, create/execute code, and potentially transmit outputs, without specifying boundaries, consent steps, or what data sources are allowed.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk because nothing is downloaded or written by an install step.
! Credentials
The skill implies needs (email sending, collecting system data, running scripts) that typically require credentials, API keys, or file/system access, but requires.env and primary credential fields are empty. The manifest does not declare any sensitive env vars nor config paths, creating an incoherence between intended actions and requested privileges.
Persistence & Privilege
always is false (good). However, SKILL.md's instruction to proactively act when it detects repetition combined with the platform-default ability for skills to be invoked autonomously increases the operational risk: the agent could autonomously create and run automations unless additional guardrails are applied. The skill does not request persistent presence or attempt to modify agent-wide config, which reduces severity.
What to consider before installing
This skill describes building automations and explicitly tells the agent to act immediately when it notices repetition. Before installing, consider:

1) The skill gives no details about required credentials (SMTP, API keys, system access) yet implies it will collect system state and send messages — clarify which services it will use and how credentials are provided.
2) The instructions encourage autonomous execution of generated scripts; require an explicit approval step (review & run) before the agent executes anything.
3) Test generated automations in a sandbox before granting access to production systems or real accounts.
4) If you need stricter control, disable autonomous invocation or request the author add explicit consent and scope limits in SKILL.md (which systems to access, what data may be read, how outputs are delivered).

Given these mismatches and the proactive behavior, treat this skill with caution — it's not obviously malicious but is ambiguous and could perform unintended actions.
