Workflow Engine
v0.1.0DAG-based workflow engine supporting sequential, conditional, and parallel tasks with checkpoint persistence and event-driven execution.
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included source and examples. The repo provides a DAG implementation, executor, engine API, examples, tests, and checkpoint files — all expected for a workflow engine. No unrelated environment variables, binaries, or external service credentials are requested.
Instruction Scope
SKILL.md and examples instruct running npm and importing the local source; runtime behavior stays within the stated domain. Important: the engine executes task functions you provide (node.execute / parallel tasks), which run arbitrary JavaScript in the host Node process. The engine also reads/writes checkpoint files (default './checkpoints'). Users should be aware that tasks can access the filesystem and process environment at the same privilege level as the Node process.
Install Mechanism
No install spec in registry; SKILL.md suggests running 'npm install' but package.json lists no external dependencies. No downloads from untrusted URLs or extract operations are present. Running npm in this package is low-risk, but standard precautions apply (review package.json — it has no dependencies).
Credentials
The skill requests no environment variables, credentials, or config paths. Its file I/O is limited to a checkpoint directory (configurable), which aligns with its stated persistence feature.
Persistence & Privilege
always:false and no system-wide modifications are requested. The engine persists execution state to disk (checkpoint files in checkpointDir). This persistence is expected for checkpoint/resume semantics but means the skill will write files to the host filesystem where it runs.
Assessment
This skill appears coherent with its stated purpose, but review these points before installing: (1) It will run Node code (task 'execute' functions) you register — those functions run with the same privileges as the Node process, so do not run untrusted workflows. (2) It writes checkpoint files to the configured checkpointDir (default './checkpoints'); ensure that path is acceptable and not pointed at sensitive locations. (3) Package.json has no dependencies, but you should still run npm install and inspect package files locally in an isolated environment first. (4) If you plan to import workflows from others, audit the task code for filesystem, network, or process access. (5) For increased safety, run examples/tests in a sandbox or container and avoid running on production hosts until you’re comfortable with behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97f6s3qmm4sd1t62cs6nsqm3d83qxkq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.