← Back to Skills Marketplace

Workflows

Name: Workflows
Author: askginadotai

by Ask Gina · GitHub ↗ · v1.0.2

cross-platform ⚠ suspicious

771

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install workflows

Description

Playbook for authoring, running, evaluating, and improving Gina sandbox workflows with safe defaults and repeatable operations.

Usage Guidance

This is a coherent operations playbook for creating and running sandbox workflows. It does describe and rely on workflow step capabilities that can execute shell commands, read and write files, and access KV/SQL; those are normal for a workflow system but mean you should never run unreviewed workflows. Before installing/using: (1) Confirm the 'workflow' CLI/runtime you will call is the expected/trusted tool on your system, (2) review any .ts workflow definitions in /workspace/.harness/workflows for untrusted exec/fs/kv usage, (3) keep secrets out of workflow code and logs, and (4) require explicit permission scopes and least privilege for any steps that perform writes or external actions.

Capability Analysis

Type: OpenClaw Skill Name: workflows Version: 1.0.2 The skill bundle is classified as suspicious due to the explicit documentation of powerful execution capabilities within workflow steps, which, when combined with input interpolation, creates a high risk of severe injection vulnerabilities. Specifically, `references/cli-and-definition.md` details `type: "ts"` steps with `exec(command)`, `fs.promises.*`, and `sql(query)` access, as well as `type: "bash"` and `type: "host"` steps. The `{{inputs.symbol}}` template syntax allows user input to be directly interpolated into these commands, enabling potential Remote Code Execution (RCE), SQL Injection (SQLi), and arbitrary file access if workflow authors do not implement robust input sanitization. While the skill itself is a playbook for workflow management and does not demonstrate malicious intent, it provides the building blocks and documentation for creating highly vulnerable workflows.

Capability Assessment

✓ Purpose & Capability

Name/description (workflow authoring, running, evaluating) match the content: CLI commands, workflow file locations, run artifacts, and evaluation/optimize loop are all directly relevant. No unrelated credentials, binaries, or installs are requested.

ℹ Instruction Scope

The SKILL.md and references describe workflow step types that include powerful runtime primitives (exec, fs.promises.*, kv.*, sql, callTool). This is expected for a workflow engine because steps must run shell commands, read/write files, and use KV/SQL. Because the playbook instructs authors/operators to scaffold/open workflows in /workspace/.harness/workflows and to validate/run them, you should review workflow code before executing runs—steps can execute arbitrary host commands and access files.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files to write to disk. Low installation risk.

✓ Credentials

No environment variables, credentials, or config paths are requested. The playbook explicitly advises least-privilege and not including secrets in logs or skill text.

✓ Persistence & Privilege

Skill does not request always:true, does not modify other skills, and is user-invocable only. No long-lived privileges or autonomous persistence are requested.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install workflows
After installation, invoke the skill by name or use /workflows
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

CI sync from askgina/awesome-gina@99df81b

v1.0.1

manual sync from askgina/awesome-gina@77e993b

v1.0.0

- Initial release of Gina Workflows skill with playbook for authoring, running, and evaluating sandbox workflows. - Supports creation, validation, execution, and logging of TypeScript-based workflow definitions. - Introduces a repeatable evaluate-optimize-compare loop for workflow improvement. - Includes detailed security, permissions, and evidence requirements for safe automation. - Provides core CLI commands and setup instructions for workflow operations.

Metadata

Slug workflows

Version 1.0.2

License —

All-time Installs 5

Active Installs 4

Total Versions 3

Frequently Asked Questions

What is Workflows?

Playbook for authoring, running, evaluating, and improving Gina sandbox workflows with safe defaults and repeatable operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 771 downloads so far.

How do I install Workflows?

Run "/install workflows" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Workflows free?

Yes, Workflows is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Workflows support?

Workflows is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Workflows?

It is built and maintained by Ask Gina (@askginadotai); the current version is v1.0.2.

More Skills