Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workflow
v1.0.0 · Build automated pipelines with reusable components, data flow between nodes, and state management.
⭐ 3 · 2.1k · 33 current · 36 all-time
by Iván (@ivangdavila)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (build automated pipelines) matches the instructions and many example flow scripts. The required binaries (jq, yq, curl, uuidgen, flock) are reasonable for this purpose. However, the docs repeatedly reference the macOS `security` keychain tool, fswatch/inotifywait, and runtime env vars like PUSHOVER_TOKEN/PUSHOVER_USER which are not listed in the declared required binaries or required env vars — this mismatch is unexpected.
Instruction Scope
SKILL.md and the component files instruct the agent to read secrets (via macOS keychain 'security') and to make network calls to arbitrary external services (e.g., api.example.com, pushover endpoints). Those actions are consistent with a workflow integrator, but the instructions also assume access to local keychain and to environment variables without declaring them. The webhook and webhook-server.sh example will write incoming payloads into the workspace and spawn background runs — this can cause external data to be stored and executed locally and should be audited for any workflows you add.
Install Mechanism
This is instruction-only with no install spec or remote downloads, so there is no additional install-time code being written or executed by the skill bundle itself.
Credentials
The skill does not declare any required environment variables but references runtime secrets in two forms: environment variables (e.g., PUSHOVER_TOKEN, PUSHOVER_USER) and OS keychain secrets accessed via `security find-generic-password`. Relying on the system keychain without declaring that requirement (nor including the `security` binary in required bins) is an incoherence. Requesting access to system-stored secrets is proportionate for an integration skill only if documented; here that documentation is inconsistent.
Persistence & Privilege
always:false (normal). The skill is instruction-only and does not request permanent platform privileges or to modify other skills or system-wide agent settings. It instructs workflows to create files under the workspace (workflows/...), which is expected for this kind of tool.
What to consider before installing
This skill describes a local, shell-based workflow system and will (by design) read secrets and call external APIs. Before installing:
1) Verify how you will supply secrets — the docs use macOS keychain (`security`) and also expect env vars like PUSHOVER_TOKEN; ensure those are intentional and available.
2) Inspect any workflow folders (workflows/flows/*) and each run.sh before running — run.sh executes curl and other commands and may call external endpoints.
3) If you are on Linux, check how secrets should be stored (the docs assume macOS keychain).
4) Be cautious about enabling incoming webhooks: the webhook example writes incoming payloads into the workspace and executes run.sh in the background.
5) If you need least privilege, limit network access and review/approve any external service credentials used by workflows.
The skill appears to implement what it claims, but the omissions around declared binaries and env vars are reasons to inspect and harden before use.

Like a lobster shell, security has layers — review code before you run it.
latest: vk97dw8h4cz01mka9yh7x4q1p5x81672x
Runtime requirements
⚡ Clawdis
OS: Linux · macOS
Bins: jq, yq, curl, uuidgen, flock
