← Back to Skills Marketplace
110
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install nm-sanctum-workflow-improvement
Description
Retrospective evaluation and improvement of skills, agents, commands, and hooks
Usage Guidance
This skill appears to do what it says (collect workflow context, propose improvements, and create GitHub issues), but several practical and safety gaps exist. Before installing or running it:
- Verify runtime tools: ensure git and the GitHub CLI (gh) are installed and authenticated, and confirm the 'memory-palace', 'review-room', and 'pensive' utilities the instructions reference are available in your environment. The skill metadata does not declare these dependencies.
- Review and restrict automatic writes: the module defaults to automatic issue creation. If you don't want the agent posting to your repositories, run with the documented opt-out (--no-auto-issues or SKIP_AUTO_ISSUES=true) or change the workflow to require an explicit --create flag.
- Confirm credentials and scope: ensure gh is authenticated to the intended account/repo, and consider using a token with limited scope or a sandbox repository for testing. The skill does not declare required env vars (e.g., GITHUB_TOKEN) or repository targets.
- Audit what gets posted: issue bodies may include file paths, PR text, and error messages. Remove or redact sensitive snippets before auto-creating issues.
- Suggested improvements to the skill owner: declare required binaries (git, gh), require or document the auth method (GITHUB_TOKEN or gh auth), make auto-creation opt-in by default, and add explicit repository/label configuration to avoid accidental writes.
If you want, I can produce a checklist or a small wrapper that enforces 'dry-run' by default (print would-be issue bodies instead of creating them) so you can safely evaluate the skill first.
Capability Analysis
Type: OpenClaw Skill
Name: nm-sanctum-workflow-improvement
Version: 1.0.0
The skill bundle facilitates workflow optimization through shell execution, git operations, and automated GitHub issue management. A significant security concern is identified in SKILL.md (Step 7.2), which instructs the agent to post 'tooling learnings' to a hardcoded external GitHub repository (athola/claude-night-market) regardless of the user's current project context, creating a potential path for accidental data leakage or unauthorized telemetry. Additionally, the automated issue creation logic in modules/auto-issue-creation.md grants the agent broad authority to interact with the GitHub CLI (gh) and create issues automatically, which increases the risk of unintended external communication.
Capability Assessment
Purpose & Capability
The skill's stated purpose (improving workflows, skills, agents, commands, hooks) aligns with the instructions which gather logs, git history, produce improvements, and create issues. However, the SKILL.md relies on external CLIs and services (git, gh, memory-palace/review-room utilities, pensive) without declaring them as required. That mismatch (no declared binaries or env vars) is incoherent: someone building this skill would legitimately need git and the GitHub CLI or an explicit GitHub token/config.
Instruction Scope
Instructions explicitly tell the agent to read logs, query knowledge bases, run git commands, and automatically create GitHub issues including contextual file/PR snippets. Gathering logs and git history is within scope, but the automatic creation of external artifacts (issues) by default is a behavioral escalation: it transmits captured context to an external service (GitHub) and may publish snippets or file references. The SKILL.md gives the agent broad discretion to auto-create issues unless a flag is passed, which can be surprising to users.
Install Mechanism
This is an instruction-only skill with no install spec (low install risk), but the runtime relies on CLIs (gh, git) and site-specific tools (memory-palace, review-room, pensive). Those are not listed in registry metadata. Absence of declared runtime dependencies is an inconsistency: the skill will fail or behave unexpectedly if those binaries/tools are missing or misconfigured.
Credentials
The skill does not declare any required environment variables or primary credentials, yet it instructs actions that require authentication (creating GitHub issues via gh or similar). Creating issues requires repository context and auth (gh auth/GITHUB_TOKEN); this is not surfaced in requires.env or primary credential fields. The skill also suggests sending potentially sensitive context (file locations, error messages, snippets) to GitHub; that data transmission should be explicit and justified.
Persistence & Privilege
The skill is not marked always:true and is user-invocable, which is appropriate. However, the module sets 'Automatic by Default' behavior for issue creation and the platform allows autonomous invocation. Combined with the other mismatches, that default-auto-create behavior increases the blast radius: the agent could autonomously create issues in user repos unless opt-out flags are used. The skill does not clearly require or document explicit consent or scoped targets for writes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nm-sanctum-workflow-improvement - After installation, invoke the skill by name or use
/nm-sanctum-workflow-improvement - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the workflow-improvement skill, focused on retrospective analysis and enhancement of skill, agent, command, and hook workflows.
- Introduces a step-by-step process: context gathering, session slice capture, workflow recreation, improvement generation, plan agreement, implementation, validation, and lesson storage.
- Provides detailed guidance on gathering data from logs, git history, and knowledge bases to identify and address recurring workflow issues.
- Includes validation metrics and templates to clearly measure workflow improvements.
- Establishes conventions for both code changes and documentation.
- Sets up triggers for use in scenarios involving workflow inefficiency, instability, or recurring issues.
Metadata
Frequently Asked Questions
What is Nm Sanctum Workflow Improvement?
Retrospective evaluation and improvement of skills, agents, commands, and hooks. It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.
How do I install Nm Sanctum Workflow Improvement?
Run "/install nm-sanctum-workflow-improvement" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nm Sanctum Workflow Improvement free?
Yes, Nm Sanctum Workflow Improvement is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Nm Sanctum Workflow Improvement support?
Nm Sanctum Workflow Improvement is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nm Sanctum Workflow Improvement?
It is built and maintained by athola (@athola); the current version is v1.0.0.
More Skills