ClawHub

ToolFlow OpenClaw Operator

v0.3.0

Enables running jobs as durable, stepwise ToolFlow workflows with approvals, recovery, and progress tracking via OpenClaw integration.

0· 63·0 current·0 all-time
by@mcg-tries-to-code

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mcg-tries-to-code/toolflow-openclaw-operator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ToolFlow OpenClaw Operator" (mcg-tries-to-code/toolflow-openclaw-operator) from ClawHub.
Skill page: https://clawhub.ai/mcg-tries-to-code/toolflow-openclaw-operator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install toolflow-openclaw-operator

ClawHub CLI

Package manager switcher

npx clawhub@latest install toolflow-openclaw-operator
Security Scan
Capability signals
CryptoRequires walletCan sign transactionsRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual contents: the skill bundles a ToolFlow OpenClaw plugin and installer scripts. However the registry metadata declares no required binaries while the included scripts expect an openclaw CLI and node to be present; that mismatch is likely an oversight in metadata rather than malicious behavior.
Instruction Scope
SKILL.md instructs the agent/operator to run installer and verification scripts that link the bundled plugin into OpenClaw and run doctor/validate checks. The runtime instructions do not ask the agent to exfiltrate data or read unrelated system state. Note: example workflows include 'read_file' steps and one example references absolute user paths (/Users/jarvis/...), so example workflows could read local files if executed.
Install Mechanism
There is no remote download: the plugin/runtime payload is bundled in the skill and the installer uses openclaw plugins install --link and local node scripts. No external URLs, shorteners, or archive extraction from unknown hosts are used.
Credentials
The skill requests no environment variables or credentials. The bundled plugin explicitly models 'elevated' actions (exec_command, apply_patch) and a configurable 'progressUpdates.sink' that can be set to run a command — these are expected for a workflow operator but grant the plugin the ability to execute shell commands if 'enableElevated' is turned on or misconfigured. Ensure you only enable elevated features and allowed commands intentionally.
Persistence & Privilege
always:false (normal). Installing the skill runs openclaw plugins install --link, which registers the bundled dist/entry.js as an OpenClaw extension — this gives the plugin code execution inside OpenClaw. That behavior is consistent with an operator skill, but it is a significant privilege within your OpenClaw instance and should be reviewed before enabling.
Assessment
This package appears to do what it claims: it bundles a ToolFlow plugin and provides scripts to link it into OpenClaw. Before installing: (1) be aware the installer expects the openclaw CLI and node on your host (metadata omitted these requirements); (2) review the bundled dist/entry.js and runtime-cli.js (they are included) or run the installer in an isolated environment if you cannot audit them fully; (3) do not enable 'enableElevated' or broad 'elevatedAllowedCommands' unless you trust the plugin and want it to run shell commands on your host; (4) watch out for example workflows with absolute paths (they are examples and not auto-run, but if executed they can read local files); and (5) prefer to install only from a known source (canonical GitHub repo cited) and confirm upstream provenance if possible.

Like a lobster shell, security has layers — review code before you run it.

latestvk9769nh02g9zqf2z07py0s889h85db52
63downloads
0stars
4versions
Updated 4d ago
v0.3.0
MIT-0
@mcg-tries-to-code
latest
Download

ToolFlow OpenClaw Operator

Use this skill when work should be run as a ToolFlow job rather than improvised inside a single agent turn.

What this skill is

This is the OpenClaw-facing operator wrapper for ToolFlow.

It is meant to complement the ToolFlow runtime and plugin surfaces by teaching the agent when a job should be expressed as a bounded workflow with durable state, approvals, recovery, and progress visibility.

Quick install

This package now ships with a bundled local ToolFlow plugin/runtime payload.

After installing the skill from ClawHub, run from the installed skill folder:

./scripts/install-toolflow-openclaw.sh
./scripts/verify-toolflow-openclaw.sh

The installer links the bundled ToolFlow plugin into OpenClaw locally, using the payload included with this skill package.

Canonical runtime repository:

When to use ToolFlow

Prefer ToolFlow when the job benefits from one or more of the following:

  • a durable run id
  • an explicit step graph
  • dry-run classification before execution
  • exact approval boundaries for elevated work
  • receipts, manifests, and recovery
  • user-visible progress updates during longer execution

Typical examples:

  • multi-step diagnostics
  • bounded automation runs
  • workflows that may pause for approval and resume later
  • jobs where recovery after interruption matters
  • longer builds where the user should receive progress updates

Do not bother when the work is a trivial one-off read or edit.

Operator loop

  1. Frame the work as a narrow, typed workflow.
  2. Dry-run it when feasible.
  3. Submit the workflow through ToolFlow.
  4. Inspect manifest state rather than guessing from conversation.
  5. If a step requires approval, approve the exact step and resume.
  6. If interrupted, recover before replay.

Required habits

  • Prefer safe typed lanes before elevated lanes.
  • Keep workflows small, explicit, and reviewable.
  • Treat the ToolFlow ledger as canonical truth.
  • Do not silently widen workflow scope during execution.
  • Keep long-running work observable rather than silent.

Important packaging note

This skill now bundles the local ToolFlow plugin/runtime payload needed for OpenClaw installation.

It still pairs best with:

  • the ToolFlow authoring layer when workflow construction help is needed
  • the canonical ToolFlow repository for source, updates, and documentation

Canonical source repository:

Comments

Loading comments...