← Back to Skills Marketplace

coze-workflow-runner

Name: coze-workflow-runner
Author: hanjin714

by beilunjuzhen · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

141

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install coze-workflow-runner

Description

调用 Coze 工作流执行自动化任务，支持生成图片、处理数据等操作

README (SKILL.md)

Coze 工作流运行器

概述

通过 Coze API 调用工作流，执行自动化任务。目前支持生成宠物知识卡片等图像生成工作流。

快速开始

1. 配置令牌

服务令牌存储在：~/workspace-prod/coze/coze-tokens.md

首次使用时确认令牌有效。

2. 查看可用工作流

工作流列表存储在：~/workspace-prod/coze/workflows.md

包含每个工作流的 ID、链接和用途说明。

3. 调用工作流

使用 cozepy 库调用：

import cozepy

# 认证
auth = cozepy.TokenAuth(token='你的服务令牌')
coze = cozepy.Coze(auth=auth, base_url='https://api.coze.cn')

# 调用工作流
response = coze.workflows.runs.create(
    workflow_id='工作流ID',
    parameters={'input': '输入参数'}
)

现有工作流

短视频文案拆解（13层逻辑）

工作流 ID: 7610429408704413759
用途: 通过13层逻辑拆解短视频文案，输入抖音口令链接即可提取并分析底层逻辑
输入: 抖音口令链接（如 7:/ xxx）
返回: 短视频文案内容 + 13层逻辑拆解结果

调用示例:

import cozepy

auth = cozepy.TokenAuth(token='你的服务令牌')
coze = cozepy.Coze(auth=auth, base_url='https://api.coze.cn')

response = coze.workflows.runs.create(
    workflow_id='7610429408704413759',
    parameters={'input': '7:/ xxx:】'}
)

生成宠物知识卡片

工作流 ID: 7610527662062665754
用途: 生成宠物知识卡片图片（5张）
输入: 宠物名称和描述文本
返回: 5个图片 URL（短链接形式）

调用示例:

import cozepy

auth = cozepy.TokenAuth(token='你的服务令牌')
coze = cozepy.Coze(auth=auth, base_url='https://api.coze.cn')

response = coze.workflows.runs.create(
    workflow_id='7610527662062665754',
    parameters={'input': '布偶猫宠物知识卡片：布偶猫又称布拉多尔猫，是体型和体重最大的猫品种之一。'}
)

# 返回: {"output": ["https://s.coze.cn/t/xxx/", ...]}

处理返回的短链接

工作流返回的是短链接，需要跟随跳转才能获取真实图片 URL：

import subprocess

urls = response['data']['output']
for i, url in enumerate(urls, 1):
    # curl -L 自动跟随跳转，直接下载图片
    subprocess.run(['curl', '-sL', url, '-o', f'pet_card_{i}.png'])

资源

配置目录

~/workspace-prod/coze/coze-tokens.md - 服务令牌
~/workspace-prod/coze/workflows.md - 工作流列表

最后更新：2026-03-24

Usage Guidance

Things to check before installing or running this skill: - Confirm where your Coze service token is stored. The SKILL.md says ~/workspace-prod/coze/coze-tokens.md but the script reads /Users/hanjin/.openclaw/... — that hardcoded developer path is suspicious. Do NOT place high-privilege tokens in a file that this script might read. Use a dedicated service token with limited scope. - Ask the author to declare the credential (primaryEnv or required config path) and to remove hardcoded, user-specific paths. Prefer explicit configuration (env var or configurable path) over hardcoded filesystem locations. - Verify dependencies (cozepy, curl) will be available in your runtime; missing deps could cause fallback behaviors. - Be cautious about automatic downloads of workflow output URLs: outputs are short links and the skill's instructions and script will follow redirects and download content. Review outputs before auto-downloading to avoid fetching malicious payloads. - If you must run it, run in an isolated environment (throwaway account or container) and inspect the token file contents and code modifications first. If the developer cannot explain the path mismatch, treat it as unsafe.

Capability Analysis

Type: OpenClaw Skill Name: coze-workflow-runner Version: 1.0.0 The skill bundle contains a Python script (scripts/run_workflow.py) with a hardcoded absolute path to a specific user's home directory (/Users/hanjin/) to retrieve sensitive API tokens, which is a significant security flaw and environment-specific risk. Additionally, SKILL.md provides instructions for the AI agent to execute shell commands via subprocess/curl to download content from URLs returned by the Coze API. While these behaviors are functionally related to the stated purpose of running Coze workflows, the insecure credential handling and hardcoded local paths are high-risk indicators.

Capability Assessment

⚠ Purpose & Capability

The skill claims only to call Coze workflows and provide examples for image/text workflows, which matches included code that uses the cozepy client. However, the skill declares no required credentials/config, yet both SKILL.md and the script expect a local token file. The script hardcodes a user-specific path (/Users/hanjin/.openclaw/workspace-prod/coze/coze-tokens.md) while SKILL.md references ~/workspace-prod/coze/coze-tokens.md — this mismatch and the omission of the token as a declared requirement is incoherent.

⚠ Instruction Scope

Instructions direct the agent to read a local tokens file and a workflows file and to follow shortlink redirects and download images via curl. Reading a token file and writing downloaded images is within the skill's purpose, but the script reads a hardcoded path in another user's dot-directory which is outside the documented workspace path. That behavior increases the chance of reading unrelated/privileged secrets and is not documented in requires/config.

✓ Install Mechanism

There is no install spec (instruction-only plus a helper script). This minimizes install-time risk. Note: the skill depends on the cozepy library and curl being available, but these dependencies are not declared.

⚠ Credentials

No environment variables or credentials are declared in metadata, yet the runtime expects a service token stored in a local file. The script looks for lines containing 'Bearer' and 'sat_' — i.e., a credential-like token — but this credential isn't declared as primaryEnv or required config. Requiring access to a token file without declaring it is disproportionate and raises risk of silent credential access/exfiltration.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with other high-privilege flags.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install coze-workflow-runner
After installation, invoke the skill by name or use /coze-workflow-runner
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

coze-workflow-runner 1.0.0 - Initial release with support for invoking Coze workflows via API. - Enables automation tasks such as generating images and processing data. - Includes documentation for workflow authentication, listing, and invocation using the `cozepy` library. - Provides built-in workflows for short video script analysis (13-level logic) and pet knowledge card image generation. - Details how to handle and download images from returned short URLs.

Metadata

Slug coze-workflow-runner

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is coze-workflow-runner?

调用 Coze 工作流执行自动化任务，支持生成图片、处理数据等操作. It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.

How do I install coze-workflow-runner?

Run "/install coze-workflow-runner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is coze-workflow-runner free?

Yes, coze-workflow-runner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does coze-workflow-runner support?

coze-workflow-runner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created coze-workflow-runner?

It is built and maintained by beilunjuzhen (@hanjin714); the current version is v1.0.0.

More Skills