Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Workflow Publish
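v1.0.3
OC-Flow: give your OpenClaw a "deterministic" soul. OC-Flow is fully embedded in the OpenClaw system and gives the Agent complete flow-control capabilities: conditional branching, loop iteration, precise waiting, and state management. YAML playbooks implement tasks with fixed processes, multi-step loops, and strict logic. Use cases: finance and office work, development and operations, personal assistant.
⭐ 0 · 156 · 0 current · 0 all-time
by 铲屎将军 @wlmh110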
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a deterministic workflow engine and the included code implements engine/bridge/dashboard functionality, which is consistent. However the bridge relies on calling the OpenClaw gateway CLI and reading OpenClaw config files (~/.openclaw/openclaw.json and sessions index) while the declared requirements only list python3 and 'Required config paths' is empty. The skill should have declared that it expects an 'openclaw' CLI/gateway and access to the user's OpenClaw config directory; omission is an incoherence.
Instruction Scope
Runtime instructions and code allow executing arbitrary shell commands (script nodes), inline Python (code nodes), HTTP requests, sending messages (channels/targets), and spawning subagents. These are expected features for a workflow engine, but they give the skill the ability to read environment variables, access files under ~/.openclaw, call external endpoints, and execute arbitrary commands supplied in YAML. The SKILL.md states the dashboard will 'not recursively read the entire workspace' but the dashboard code recursively rglob() under the workflows directory — a minor mismatch but indicative of documentation/code drift.
Install Mechanism
No install spec is present (instruction-only style), so nothing is automatically downloaded or installed by the registry. Dependencies are managed via a requirements.txt and the README suggests pip install -r scripts/requirements.txt; that is a moderate, expected pattern for Python projects.
Credentials
Declared requirements list no env vars or config paths, but the code (bridge.py) reads ~/.openclaw/openclaw.json (possibly containing gateway token/port) and accesses session index files. The engine also exposes template interpolation of {{env.VAR}}. The skill therefore expects access to OpenClaw configuration and local file paths without declaring them — an undeclared sensitive access pattern.
Persistence & Privilege
always:false (good). The skill writes/reads workflows and run history (WORKFLOW_DIR / RUNS_DIR) and manages session keys and factory sessions. It may create and later clean up session artifacts via the gateway CLI. That is within the scope of a workflow engine, but because it interacts with shared OpenClaw sessions and can invoke gateway actions, users should consider the blast radius if the skill is later invoked autonomously.
What to consider before installing
This skill is a full-featured workflow engine that will run arbitrary shell commands and inline Python from YAML, perform HTTP requests, send messages to external targets, and interact with your OpenClaw Gateway/sessions files. Before installing:
- Confirm you have (and want the skill to use) the OpenClaw CLI/gateway and that your ~/.openclaw/openclaw.json is accessible; the code expects to read that file but the skill metadata does not declare this requirement.
- Inspect scripts/engine/sandbox.py and engine/nodes.py to verify how 'code' nodes are sandboxed — inline Python may be able to access files/network unless properly restricted.
- Be aware workflows can include script nodes that run arbitrary shell commands and HTTP nodes that can exfiltrate data; only run workflows from trusted sources and consider running the skill in an isolated environment or container.
- If you rely on other OpenClaw sessions or skills, note the bridge manipulates sessions and factory child sessions; review cleanup behavior to ensure it won't affect unrelated sessions.
- Ideally the publisher should update metadata to declare dependence on the 'openclaw' CLI and the ~/.openclaw config paths, and clarify dashboard scanning behavior. If you need higher assurance, request the maintainer to document sandbox guarantees and to limit undocumented access to OpenClaw configs.
scripts/engine/context.py:203
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk97fj8as47n5k843nds3r4gmx5835k67
Runtime requirements
🔀 Clawdis
Bins: python3
