Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Macro Pipeline

v3.0.0

Create and manage macro-task pipelines (QA, roadmaps, feature rollouts) using PIPELINE.md + HEARTBEAT.md pattern. Use when building multi-step project plans...

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)

Purpose & Capability
The name/description match the instructions: the skill manages PIPELINE.md in a project repo and a HEARTBEAT.md in the agent workspace. Required actions (git commits, cron scheduling, heartbeat-driven execution) are appropriate for a pipeline orchestrator. Minor mismatch: instructions use macOS-specific chflags (to lock HEARTBEAT.md) and expect a specific user path (~/Documents/proyectos/) without an OS restriction; these are implementation assumptions rather than capability issues.
Instruction Scope
SKILL.md gives detailed runtime steps (read PIPELINE.md, mark RUNNING/COMPLETED/FAILED, run verify commands, spawn sessions, create git commits, add crons). These are in-scope for an autonomous pipeline manager. Points to watch: it instructs subagents to notify Discord (external endpoint) and to write artifacts/outputs into the repo — both are expected but could expose sensitive outputs if not restricted. It also references internal runtime calls (sessions_spawn) and a CLI (openclaw cron add); those are plausible for this platform but are assumptions the runtime must provide.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk.
Credentials
The skill declares no required environment variables or credentials. It does assume the agent has permissions to commit to repos, run cron commands, lock files, and (optionally) send messages to Discord via whatever integration the agent already has; those are reasonable operational assumptions but you should confirm the agent's connectors/credentials are present and constrained.
Persistence & Privilege
always is false and the skill does not request persistent system-wide modifications beyond using crons and committing to repos under the user's control. It does not modify other skills' configurations. No elevated or force-inclusion privileges are requested.
Assessment
This skill appears to do what it says, but check a few practical things before installing:

  • Platform: HEARTBEAT.md locking uses chflags (macOS/BSD). If your agents run on Linux, the lock instruction won't work as written.
  • Permissions: the agent must be allowed to edit the project repo (git commit/tag) and to add crons. Test in a non-production repo first.
  • External notifications: the skill instructs subagents to send summaries to Discord — make sure your agent's Discord integration/credentials exist and that you're OK with pipeline outputs (artifacts/error text) being posted externally.
  • Paths: the skill assumes a fixed home-path convention (~/Documents/proyectos/). Adjust PIPELINE/HEARTBEAT paths to match your environment.
  • Safety: because steps can run shell verify commands and produce artifacts, add guardrails (sanitization, limits on what gets posted) to avoid accidental exposure of secrets.

If these assumptions match your environment and you add data-posting safeguards, the skill is coherent for its intended purpose.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔧 Clawdis
MIT-0

Macro Pipeline Skill v3

Architecture

Two files, two locations:

| File | Location | Purpose | Mutable? |
|---|---|---|---|
| PIPELINE.md | Project repo (~/Documents/proyectos/<project>/) | State + progress | ✅ Yes (subagents update directly) |
| HEARTBEAT.md | Agent workspace (~/.openclaw/workspace-<agent>/) | Instructions (read-only) | ❌ No (locked with chflags uchg) |

Why PIPELINE in the repo?

  • Subagents work in the repo → can update status without cross-path issues
  • Git-trackable (commits show when steps completed)
  • Eliminates zombie steps from path access failures

Why HEARTBEAT in workspace?

  • Operational instructions for the OpenClaw agent
  • Should not contaminate project code
  • Locked to prevent agents from overwriting their own instructions

PIPELINE.md Format

# PIPELINE — <Project Name>: <Pipeline Title>
# Proyecto: ~/Documents/proyectos/<project>
# Objetivo: <one-line goal>
# Creado: YYYY-MM-DD

## Step 1: <Title> [PENDING]
- engine: claude-code
- description: <what to do>
- files: <key files to touch>
- verify: <command that proves step is done>
- artifacts: <outputs for next steps>

## Step 2: <Title> [PENDING]
- engine: claude-code
- depends_on: [1]
- description: <what to do>
- verify: <verification command>

Status values:

  • [PENDING] — not started
  • [RUNNING YYYY-MM-DDTHH:MM] — in progress (with timestamp)
  • [✅ COMPLETED] — done
  • [FAILED] — failed (include error reason)
  • [BLOCKED] — waiting on human or external dependency

Step fields:

  • engine: — claude-code | human | deploy
  • depends_on: — list of step numbers that must be ✅ first
  • parallel: — list of steps that can run simultaneously
  • verify: — shell command to validate completion
  • artifacts: — outputs passed to dependent steps
  • files: — key files modified

HEARTBEAT.md Format

# HEARTBEAT — <Agent Name>

> ⚠️ NUNCA modifiques este archivo (HEARTBEAT.md). Es read-only.

## Pipeline activo: ~/Documents/proyectos/<project>/PIPELINE.md

## Protocolo cada heartbeat:
1. Lee el pipeline activo (ruta absoluta arriba)
2. Si hay step [PENDING] sin dependencias bloqueadas → ejecútalo
3. Marca [RUNNING YYYY-MM-DDTHH:MM] con timestamp actual
4. Ejecuta: sessions_spawn(task=..., thread=true)
5. Un step por heartbeat máximo

## Zombie Detection
Si un step lleva >2h en [RUNNING], resetear a [PENDING] y reportar.

## En sesión activa con usuario
Priorizar responder. HEARTBEAT_OK.
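
The PIPELINE.md format and the heartbeat protocol above, as an added Python example (not part of the skill or of OpenClaw): it parses step headers and fields, lists the PENDING steps whose depends_on are all completed, finds RUNNING steps past the 2h zombie threshold, and flags steps with no verify: field, which the skill's key rules require. The sample pipeline and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the PIPELINE.md format (not from a real project).
SAMPLE = """\
## Step 1: Build [✅ COMPLETED]
- verify: test -f build.log

## Step 2: Migrate [RUNNING 2024-05-01T09:00]
- depends_on: [1]
- verify: test -f migrate.log

## Step 3: Report [PENDING]
- depends_on: [1]

## Step 4: Deploy [PENDING]
- depends_on: [2, 3]
- verify: test -f deploy.log
"""

HEADER = re.compile(r"^## Step (\d+): (.+) \[([^\[\]]+)\]\s*$")
FIELD = re.compile(r"^- (\w+):\s*(.*)$")

def parse_pipeline(text):
    """Return {step number: {"title", "status", plus each '- key: value' field}}."""
    steps, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = steps[int(m.group(1))] = {"title": m.group(2), "status": m.group(3)}
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return steps

def runnable(steps):
    """PENDING steps whose depends_on entries are all completed."""
    done = {n for n, s in steps.items() if s["status"].endswith("COMPLETED")}
    deps = lambda s: {int(d) for d in re.findall(r"\d+", s.get("depends_on", ""))}
    return [n for n, s in steps.items() if s["status"] == "PENDING" and deps(s) <= done]

def zombies(steps, now, limit=timedelta(hours=2)):
    """RUNNING steps older than the limit (the protocol resets these to PENDING)."""
    out = []
    for n, s in steps.items():
        m = re.match(r"RUNNING (\S+)$", s["status"])
        if m and now - datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M") > limit:
            out.append(n)
    return out

def missing_verify(steps):
    """Steps with no verify: command, so completion cannot be checked."""
    return [n for n, s in steps.items() if not s.get("verify")]
```

Running such a check on PIPELINE.md before each heartbeat gives a reviewable list of what the agent is about to execute, including every verify: shell command.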

Cron Setup

Always use CLI, never edit openclaw.json:

openclaw cron add --name "<Project> Pipeline" --agent <agent-id> --every 30m --message "Heartbeat: lee HEARTBEAT.md y ejecuta siguiente step"

Stagger schedules to avoid collisions:

  • :00/:30 → Group A
  • :15/:45 → Group B

Subagent Task Template

Include in the task prompt:

Al terminar:
1. Actualiza <absolute-path-to-PIPELINE.md>: cambia Step X de [RUNNING] a [✅ COMPLETED] con output y artifacts
2. Si fallas, marca [FAILED] con el error
3. Notifica a Discord (action=send, channel=discord, target="channel:<id>") con resumen

Multiple Pipelines Per Project

An agent can have multiple pipeline files. HEARTBEAT specifies priority order:

Lee PIPELINE_ACTIVE.md (prioritario). Si todos completados, lee PIPELINE.md como fallback.

Parallel Execution

Steps without cross-dependencies can run in parallel:

## Step 1: Task A [PENDING]
- parallel: [2, 3]

## Step 2: Task B [PENDING]
- parallel: [1, 3]

## Step 3: Task C [PENDING]
- parallel: [1, 2]

## Step 4: Task D [PENDING]
- depends_on: [1, 2, 3]

The heartbeat can launch multiple parallel steps in the same cycle if there are no dependencies.


Git Tagging

Each completed step must create a tagged commit:

git add . && git commit -m "pipeline/<project>/step-<N>: <step title>"

This gives full traceability of progress in git log.


Key Rules

  1. PIPELINE.md always in the repo — never in the workspace
  2. HEARTBEAT.md always in the workspace — never in the repo
  3. HEARTBEAT is immutable — locked with chflags uchg
  4. Crons via CLI: openclaw cron add, never edit openclaw.json
  5. One step per heartbeat — avoids saturation (except explicit parallels)
  6. verify: is mandatory — every step must have a verification command
  7. Absolute paths — always use ~/Documents/proyectos/... in HEARTBEAT
  8. Git tag per step — commit with pipeline/<project>/step-<N>: <title>
  9. Explicit parallel — steps without dependencies can run in parallel if they have parallel:
