Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workflow Decomposer
v1.0.0工作流任务拆解与模型编排技能。使用场景:(1) 收到复杂工作任务需要拆解为可执行步骤,(2) 需要为不同步骤选择最合适的模型,(3) 需要跟踪工作流进度和模型使用情况,(4) 长时间任务卡住需要问题诊断和解决方案。
⭐ 0· 676·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (workflow decomposition + model orchestration) aligns with the included templates and two Python scripts that manage workflow state. Nothing in the bundle requests unrelated credentials or system access. Minor mismatch: README and some wording imply the skill can '自动触发' (auto-trigger), but the published flags do not set always:true and there is no install-time trigger mechanism—this is an inconsistency in documentation rather than a technical risk.
Instruction Scope
SKILL.md stays focused on decomposition, model selection, progress tracking and stuck-step diagnosis. It does not instruct reading secrets or contacting external endpoints. The included scripts read/write workflow-state.json (or workspace/memory/workflow-state.json) — so the skill will persist state to the agent/workspace filesystem. The docs also reference web_fetch/web_search and runtime model availability as capabilities to choose models, but the skill does not require or configure network access; this is a functional assumption in the instructions that may not hold in all runtimes.
Install Mechanism
No install spec; this is primarily instruction + small local scripts. No downloads or third-party package installs are performed by the skill bundle itself.
Credentials
The skill declares no required environment variables, no credentials, and no special config paths beyond writing/reading local state files. The lack of secret access is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and allows model invocation (normal). It does persist workflow state to files in the working directory (workflow-state.json) and to workspace/memory/workflow-state.json when using workflow_tracker.py. Writing to the workspace is expected for progress tracking but users should be aware files will be created/modified.
Assessment
This skill appears coherent and non-malicious, but review these before installing: (1) it writes state files (workflow-state.json or workspace/memory/workflow-state.json) to your agent/workspace — if you need to avoid writes run it in an isolated workspace or inspect/redirect those paths; (2) the skill prefers Alibaba Qwen models in its templates — ensure the runtime has those models available or edit templates to target models you trust; (3) documentation mentions auto-triggering and web_fetch capabilities but there is no install-time trigger or network integration in the bundle — if you expect automatic background runs or network fetches, verify the runtime behavior; (4) no secrets or external URLs are requested by the skill. If you want higher assurance, open and read the two Python scripts (they are short) and confirm the file paths used are acceptable, or run them in a sandboxed environment. If the publisher or homepage are unknown and you require provenance, prefer skills with a known source or more metadata.Like a lobster shell, security has layers — review code before you run it.
latestvk97b223sd5nv1qn63sf7xkxk5n826fha
License
MIT-0
Free to use, modify, and redistribute. No attribution required.