auto-workflow

This package appears to be a real workflow engine, but there are several red flags to consider before installing or running it: - Review the included Python script carefully (scripts/workflow-engine.py). It supports shell.exec and unrestricted file operations; do not run workflows you don't fully trust. - The docs reference uploading to cloud/CDN and scheduled automatic runs, but no credentials or installer are declared. Ask the author how to provide credentials safely (use env vars, not hard-coded secrets) and how scheduling is implemented (background service, cron integration, or manual invocation). - Because the engine can execute shell commands and delete/move files, run it in a low-privilege, isolated environment (container or dedicated VM) during evaluation. - If you plan to use cloud upload steps, require the skill to explicitly declare which environment variables/keys it needs and prefer scoped, minimal-permission credentials. - If you need this in production, request an install script or packaging that creates the CLI and a secure mechanism for background scheduling, and ask for provenance (source repo/homepage) — the skill metadata lacks a homepage and origin. If you want, I can: (a) highlight the parts of the script that implement shell execution and network/upload behavior, (b) suggest a minimal safe workflow policy, or (c) propose an environment variable list the skill should require for cloud uploads.