OpenClaw Workflow Architect
AdvisoryAudited by VirusTotal on Mar 29, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-workflow-architect Version: 1.0.0 The bundle is a legitimate architectural assistant designed to help users design and generate OpenClaw workflows (Lobster and OpenProse). It contains comprehensive documentation, technical specifications, and well-structured templates (e.g., curriculum-pipeline.md, gate-approval.md) that follow best practices for human-in-the-loop approvals and AI orchestration. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; all instructions and examples are strictly aligned with the stated purpose of workflow design and analysis.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a generated workflow is run, it may execute local commands or make file changes in the user's environment.
The skill's reference material centers on generating workflows that can run local CLI commands. This is expected for Lobster workflows and is paired with approval-gate guidance, but users should still inspect generated commands before execution.
Lobster là workflow shell cho phép OpenClaw chạy chuỗi lệnh CLI nhiều bước ... với các cổng phê duyệt tường minh.
Review generated .lobster/.prose files, keep approval gates before side effects, and restrict commands and file paths to the intended workspace.
A remote or untrusted .prose file could direct an agent to take actions the user did not intend if run without review.
The OpenProse reference documents loading and running remote .prose programs and explicitly warns that .prose should be treated like code. This is disclosed and purpose-aligned, but it creates provenance risk if users run remote workflows.
`/prose run https://...` | Tải từ URL và chạy ... Coi file `.prose` như mã lệnh. Xem xét kỹ trước khi chạy
Run only trusted .prose files, prefer local reviewed copies, and use tool allowlists when executing workflows from external sources.
Workflow state, prompts, outputs, or optional database credentials could remain in project files or logs after a run.
The reference documents persistent OpenProse state in the workspace and warns that optional PostgreSQL credentials can appear in agent logs. This is disclosed, but users should treat stored state and logs as sensitive.
Trạng thái được lưu trong `.prose/` trong workspace ... Bảo mật PostgreSQL: Thông tin xác thực hiển thị trong nhật ký tác nhân.
Keep .prose state out of public repositories, avoid placing secrets in workflow context, and use least-privileged dedicated database credentials if database-backed state is enabled.