ClawHub

Flow

v0.1.4

Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows

5· 2.7k·5 current·6 all-time
by@bvinci1-design
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the provided components: parser, registry, scanner, composer, and a Streamlit UI. However SKILL.md claims "No external dependencies for core functionality" while requirements.txt lists many heavy external packages (streamlit, spacy, bandit, safety, ast-grep, etc.). That mismatch is plausibly a 'core vs optional' distinction but is unexplained and worth verifying.
Instruction Scope
SKILL.md instructs running flow.py or the Streamlit UI which is consistent with the code. The runtime behavior will scan local skill directories, compute file hashes, compose and write new skill Python files, and update a registry file. The instructions do not request secrets or remote endpoints, but the code will read and write files under configurable paths (skills_directory, output_directory, registry_path) and may generate executable code from templates — which could persist arbitrary code on disk if untrusted inputs/templates are used.
Install Mechanism
There is no install spec in the registry (instruction-only), but the bundle includes a requirements.txt listing non-stdlib dependencies. The absence of an install mechanism combined with the presence of dependencies means the user must manually install packages; this is not dangerous per se but creates friction and a potential mismatch between 'no external deps' claims and reality.
Credentials
The skill declares no required environment variables or credentials and the code does not demand secrets to run. The security scanner looks for cloud/storage/API library usage (boto3, s3, etc.) but those are only detection patterns; the skill does not request or store credentials itself. This is proportionate to the stated purpose.
Persistence & Privilege
The skill writes files (composed flows) and updates a local registry JSON by default (auto_update_registry=true). It will create directories and compute hashes of files under the skills directory. It is not force-included (always:false) and does not request elevated platform privileges, but its default behavior includes persistent changes to your project directory and registry — consider changing registry_path/output_directory or disabling auto registry updates before use.
What to consider before installing
This package mostly does what it says (parse requests, find skills, scan code, and compose new skills), but take these precautions before installing/running: - Review requirements.txt and install dependencies in an isolated environment (virtualenv/container). The README and SKILL.md disagree about dependencies. - Run Flow in a sandbox or non-sensitive workspace first: by default it will read from ./skills, write composed flows to ./flows, and update ./skill_registry.json. If you have an important registry file, back it up or set registry_path in a config to a different location. - The composer can write/generated Python code and can accept templates — do not point it at untrusted templates or inputs that might cause it to write and later execute malicious code. - The code bundle shows signs of truncation/bugs (incomplete variable names / truncated functions). Expect runtime exceptions; review the full source in your environment before trusting automated composition. - Increase the scanner strictness (set security_level to 'strict') if you plan to auto-compose flows from third-party skills; inspect any skills that the scanner marks as HIGH/CRITICAL before composing. - Because the package author and homepage are unknown, prefer to run it locally in an isolated environment and perform a manual code review on any composed flows before executing them. What would change this assessment: receiving the complete, non-truncated source files (showing fixes), a clear statement of which dependencies are optional, and assurance that composed flows do not automatically execute third-party code (only write code for manual review) would raise confidence and could move the verdict toward benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk974a50y1phg9yb0srtv71q4pn80f65yorchestrationvk970mns824x48fy7etqs9wfr6n804bx8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments