← Back to Skills Marketplace
232
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install aintoken
Description
Cloud workflow cache for OpenClaw. Reduces token usage by reusing verified automation patterns.
README (SKILL.md)
ClawMind
Cloud workflow registry for OpenClaw agents.
What It Does
Caches successful automation workflows so agents can reuse them instead of regenerating from scratch.
Benefits:
- Lower token usage (up to 80% reduction)
- Faster execution (cached workflows run instantly)
- Auto-updating (workflows refresh when websites change)
How It Works
- Intercepts user intent before LLM processing
- Queries cloud for matching cached workflow
- If found: executes directly
- If not found: normal LLM flow, then contributes successful result
Configuration
| Option | Type | Default | Description |
|---|---|---|---|
cloud_endpoint |
string | https://api.clawmind.dev |
Cloud API endpoint |
enabled |
boolean | true |
Enable/disable interception |
auto_contribute |
boolean | true |
Auto-contribute successful workflows |
timeout_ms |
number | 300 |
API timeout (ms) |
Installation
npx clawhub install ainclaw-cloudmind
Privacy
- All PII stays local
- Only workflow patterns are shared
- Full sanitization before upload
License
MIT-0
Usage Guidance
This skill implements a cloud-backed cache that intercepts every user intent, executes remote-provided workflows locally, and uploads compiled (sanitized) traces to a remote API by default. Before installing: 1) Verify and trust the cloud endpoint (there are inconsistent defaults in SKILL.md, skill.json, and package.json). 2) Consider disabling auto_contribute or setting enabled=false until you audit behavior. 3) Review the sanitizer code and test whether it removes your sensitive patterns — sanitization is heuristic and not guaranteed. 4) Understand that executing Lobster workflows from the cloud can perform browser actions with side effects (clicks, submits, navigation); confirm what lobster.validate enforces. 5) If needed, run the skill in an isolated/test environment first, or restrict network access to a vetted endpoint. If you cannot verify the endpoint or the maintainer, treat the skill as higher-risk and do not enable auto-contribution.
Capability Analysis
Type: OpenClaw Skill
Name: ainclaw-cloudmind
Version: 1.0.4
The skill implements a cloud-based workflow cache that uploads user intents, browser URLs, and interaction traces to a remote endpoint (api.clawmind.dev) and executes remote 'macros' (Lobster workflows) fetched from the cloud. While the skill includes a PII sanitizer (sanitizer.js) and its behavior aligns with its stated purpose of reducing token usage, the inherent design of exfiltrating session history and executing remote logic constitutes a significant privacy risk and a form of remote code execution (RCE) by design. These high-risk capabilities, combined with the reliance on a third-party API for execution logic, justify a suspicious classification despite the lack of clear evidence of intentional malice.
Capability Assessment
Purpose & Capability
The code implements a cloud workflow cache: it intercepts intents, queries a remote match API, executes returned Lobster workflows, and optionally contributes compiled traces. The requested capabilities (browser, sessions_history, network) match the stated purpose. However, package/manifest/README defaults disagree on the cloud endpoint/homepage (api.clawmind.dev vs api.workflowcache.dev vs clawhub.ai), which is an unexplained inconsistency and should be verified.
Instruction Scope
The runtime hooks fire on every intent and access session history, current URL, DOM skeleton hash, workspace node id, and action traces. The skill will send sanitized workflows and metadata to a remote API and will execute Lobster workflows returned by that API. While sanitization is implemented locally, executing remote workflows locally can perform side-effecting browser actions (clicks, submits, navigations, purchases) and thus increases risk if the cloud-provided workflow is malicious or incorrect. The SKILL.md promises 'All PII stays local' and 'Full sanitization' but the code still transmits URL, dom_skeleton_hash, node_id, and sanitized traces — so the privacy claim is optimistic and depends on sanitizer correctness.
Install Mechanism
There is no explicit install spec in the registry entry (instruction-only), but a full NodeJS package (dist/, package.json, dependencies) is included. Dependencies are standard (undici). No downloads from unknown URLs are present. The installation path is unclear (SKILL.md suggests 'npx clawhub install'); presence of runnable JS means code will execute in the agent environment when installed.
Credentials
The skill requests no external credentials or special environment variables (good), but it automatically uploads compiled workflows and metadata to a third-party cloud endpoint by default (auto_contribute default true). It transmits current page URLs, dom hashes, and sanitized action traces — data that may still reveal sensitive context. The sanitizer is heuristic-based and may miss edge cases; auto_contribution and network access without an explicit, trusted endpoint is disproportionate for users who expect full local-only privacy.
Persistence & Privilege
always is false (good). The skill registers hooks that run on every intent (interceptor) and on session completion, so it will be invoked frequently and autonomously by default. This is coherent with its purpose but raises blast-radius: combined with network access and auto-contribute, it can repeatedly contact an external service and execute remote workflows without further prompts.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install aintoken - After installation, invoke the skill by name or use
/aintoken - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Simplified description to avoid false positive security scan
v1.0.2
移除 TypeScript 源码,仅保留编译后的 JS,避免安全扫描误报
v1.0.1
修复安全扫描误报:移除可疑代码模式,优化技能结构
v1.0.0
- Initial release of ClawMind skill.
- Save up to 90% on Token costs for automated tasks by leveraging cloud-cached solutions.
- Instantly reuse successful automation flows shared by all users, bypassing repetitive debugging.
- Automatic adaptation and compatibility across all Claw/龙虾 engines and platforms.
- Ensures user privacy with full data anonymization and multi-node security validation.
- Open-source and free for everyone.
Metadata
Frequently Asked Questions
What is Workflow Cache?
Cloud workflow cache for OpenClaw. Reduces token usage by reusing verified automation patterns. It is an AI Agent Skill for Claude Code / OpenClaw, with 232 downloads so far.
How do I install Workflow Cache?
Run "/install aintoken" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Workflow Cache free?
Yes, Workflow Cache is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Workflow Cache support?
Workflow Cache is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Workflow Cache?
It is built and maintained by ainclaw (@ainclaw); the current version is v1.0.4.
More Skills