ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Workflow 1.0.0 (1)

v1.0.0

Builds automation workflows from repetitive tasks. Use when user mentions "automate", "save time", "reduce manual work", or has repeated tasks.

0· 52·1 current·1 all-time
by@zhangyingzhuangk·duplicate of @zhangyingzhuangk/auto-workflow-1-0-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the SKILL.md: the skill is about building automations. However, the instructions explicitly mention collecting data (e.g., '系统状态') and producing '执行脚本' (execution scripts) — activities that normally require filesystem/command access or credentials. The skill declares no required binaries, env vars, or config paths, so the implied need for system access is not documented.
!
Instruction Scope
SKILL.md instructs the agent to treat repetition as a trigger to '直接做,不等用户要求' (do it immediately rather than waiting for user request). It also prescribes generating automation and execution scripts and collecting system data in examples. These are broad runtime actions (read system state, write/execute scripts) but the instructions lack limits, explicit consent steps, or safe-handling guidance — scope creep and potential for unauthorized actions.
Install Mechanism
Instruction-only skill with no install spec, no code files to run, and nothing written to disk by the installer. This minimizes supply-chain/install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is consistent with the package metadata, but inconsistent with the SKILL.md's operational examples (collecting system state, creating scripts). The skill may therefore implicitly require access it does not declare.
!
Persistence & Privilege
The skill is allowed to be invoked autonomously (platform default). Combined with the instruction to proactively 'just do it' when repeating tasks are observed, this raises risk that the agent could autonomously create/execute automations without explicit user confirmation. The skill itself does not set 'always:true', but its guidance effectively encourages autonomous actions.
What to consider before installing
This skill is coherent in purpose but vague and potentially risky at runtime. Before installing, confirm with the author how the agent will behave: Will it merely propose automations or will it create, write, or execute scripts? Ask for explicit limits and consent steps (e.g., 'always ask before creating or running a script'), and prefer a version that documents required permissions and exactly what system data it will access. If you enable it, test in a restricted/sandboxed environment first and ensure the agent cannot execute scripts or access sensitive files without your explicit approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c719gjct540f2d7mkjf09jh84tqfw
52downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@zhangyingzhuangk
latest
Download

Auto Workflow

把重复任务自动化的能力。

能力轮廓

  • 输入:重复性任务/手动操作
  • 输出:自动化工作流 + 执行脚本
  • 核心逻辑:识别 → 抽象 → 自动化 → 测试

工作流

1. 观察 - 用户在重复做什么?
2. 抽象 - 这个任务的模式是什么?
3. 设计 - 怎么自动完成?
4. 实现 - 写脚本/配置
5. 测试 - 小范围验证
6. 优化 - 迭代改进

示例

用户每周手动发周报:

  1. 收集数据(系统状态)
  2. 整理成模板
  3. 发送邮件

自动化后:

  • 每周五自动执行
  • 收集本周数据
  • 生成报告
  • 自动发送

思维模式

不是"回答问题",而是"看到重复→立刻构建自动化"

遇到重复操作时:

  • 问自己:能否写成脚本?
  • 问自己:下次能否自动跑?
  • 直接做,不等用户要求

Comments

Loading comments...