Antfarm Workflows
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill is not overtly malicious, but it directs use of an unreviewed local CLI that can install persistent autonomous cron agents to change code and create PRs.
Before installing, confirm the Antfarm CLI source and inspect what it installs. Only run workflows on a clearly scoped repository and branch, require explicit approval for PR creation or force-triggering, monitor the cron jobs, and verify the uninstall process removes all background agents and stored workflow data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installed workflows may keep running in the background and continue work even when the user is not actively supervising.
This documents long-lived autonomous agents that keep polling and acting outside a single interactive request.
Agents have cron jobs (every 15 min, staggered) that poll for pending steps ... No central orchestrator — agents are autonomous
Use only with explicit approval, verify how to stop and remove all cron jobs/dashboard/database state, and monitor runs until completion.
The user cannot tell from these artifacts what the invoked CLI will actually do on their machine.
The main installation path runs a local Node CLI, but the supplied package is instruction-only with no reviewed code or install spec, so the code that creates agents, cron jobs, the DB, and dashboard is not validated here.
node ~/.openclaw/workspace/antfarm/dist/cli/cli.js install
Review the Antfarm CLI source and installation provenance before running the install command, especially because it creates persistent automation.
A workflow could make broad project changes or advance into PR creation with insufficient containment if the task is underspecified.
The documented workflows can perform code-changing and PR-producing actions, and the skill also exposes a way to manually trigger agent cron jobs without clear per-step approval boundaries.
feature-dev | plan -> setup -> develop (stories) -> verify -> test -> PR -> review ... To skip the 15-min cron wait, use the `cron` tool with `action: "run"`
Require explicit user approval for the target repo, branch, acceptance criteria, and any PR-creating or force-triggered steps.
Task details, code context, or accidental secrets placed in agent outputs may persist and be consumed by other workflow agents.
The workflow intentionally shares task context between agents through stored outputs, which is purpose-aligned but means details from one step can be reused by later agents.
Context passes between steps via KEY: value pairs in agent output
Avoid putting secrets in task strings or agent outputs, and confirm where the SQLite database is stored and how it is cleaned up.