ClawHub

WorkflowHub

v1.0.2

Use when the user wants OpenClaw or Codex to remember their way of working as reusable SOPs, workflows, queues, or "how I do things". Best for repeated multi...

0· 31·0 current·0 all-time
by@zhangyuqi98·duplicate of @zhangyuqi98/workflowhub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (work-style memory for reusable SOPs) matches the included scripts and UI. The bundle includes matching, capture, render, save/update, and a local editor — all expected for the stated purpose.
Instruction Scope
SKILL.md and instruction.md describe only local filesystem reads/writes for JSON workflow files and local prompt rendering; runtime rules explicitly forbid silent execution or silent saves. The instructions reference a project-local directory and an optional user global directory (docs mention $CODEX_HOME), but code does not require any unrelated files or secrets.
Install Mechanism
No installer is declared (no package download or extract). The skill is shipped as code and scripts the host can run locally. This is low-risk compared with downloading remote artifacts.
Credentials
The bundle declares no required environment variables or credentials. Documentation refers to a conventional global path ($CODEX_HOME) as an optional storage location, but the code does not demand environment secrets. This is reasonable, though docs mention an env var that is not required by the code.
Persistence & Privilege
always:false and no special privileges requested. The included local UI runs an HTTP server and can create/update/delete workflow JSON files in the configured directory — this is expected for an editor. Users should ensure the server is bound to localhost and the chosen workflows directory is appropriate and writable.
Assessment
This skill appears coherent and implements a local workflow/SOP library: it only reads/writes JSON workflow files and provides a small local web UI. Before installing or running it: 1) Review or run the UI only on localhost (avoid binding to 0.0.0.0) so the editor isn't exposed to the network; 2) pick a dedicated workflows directory (e.g., ./.openclaw/workflows or /tmp) and back up any important files before letting the skill write; 3) confirm the HTTP server's default host/port and start arguments so you don't accidentally expose it; 4) if you want full assurance, inspect ui/server.py (the HTTP handling code) locally to confirm it only serves and edits the intended JSON files — the bundle enforces a SAFE_ID for filenames, but it's good to verify; 5) note that docs mention $CODEX_HOME as an optional global store, but no credentials are required. Overall this is internally consistent and does not request unrelated secrets or external endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97466q9x0w4ptx6p6fdwca2gs844rmt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments