OpenClaw Workflow Architect

Pass. Audited by ClawScan on May 1, 2026.

Overview

This is an instruction-only workflow design skill. Its sensitive parts are disclosed examples of creating and running OpenClaw workflows, so users should review generated workflows before executing them.

Install is reasonable if you want workflow-design help, but treat any generated .lobster or .prose file as executable automation: read it first, verify any package or remote workflow source, keep commands scoped to the project, and avoid exposing secrets in OpenProse state or logs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a generated workflow is run, it may execute local commands or make file changes in the user's environment.

Why it was flagged

The skill's reference material centers on generating workflows that can run local CLI commands. This is expected for Lobster workflows and is paired with approval-gate guidance, but users should still inspect generated commands before execution.

Skill content

Lobster is a workflow shell that lets OpenClaw run multi-step CLI command chains ... with explicit approval gates.

Recommendation

Review generated .lobster/.prose files, keep approval gates before side effects, and restrict commands and file paths to the intended workspace.

What this means

A remote or untrusted .prose file could direct an agent to take actions the user did not intend if run without review.

Why it was flagged

The OpenProse reference documents loading and running remote .prose programs and explicitly warns that .prose should be treated like code. This is disclosed and purpose-aligned, but it creates provenance risk if users run remote workflows.

Skill content

`/prose run https://...` | Load from a URL and run ... Treat a `.prose` file as code. Review it carefully before running.

Recommendation

Run only trusted .prose files, prefer local reviewed copies, and use tool allowlists when executing workflows from external sources.

What this means

Workflow state, prompts, outputs, or optional database credentials could remain in project files or logs after a run.

Why it was flagged

The reference documents persistent OpenProse state in the workspace and warns that optional PostgreSQL credentials can appear in agent logs. This is disclosed, but users should treat stored state and logs as sensitive.

Skill content

State is stored in `.prose/` in the workspace ... PostgreSQL security: credentials are visible in agent logs.

Recommendation

Keep .prose state out of public repositories, avoid placing secrets in workflow context, and use least-privileged dedicated database credentials if database-backed state is enabled.