← Back to Skills Marketplace
bvinci1-design

Flow

by bvinci1-design · GitHub ↗ · v0.1.4
cross-platform ⚠ suspicious
2771
Downloads
5
Stars
5
Active Installs
5
Versions
Install in OpenClaw
/install flow
Description
Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows
README (SKILL.md)

summary: Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows tags:

  • automation
  • workflow
  • nlp
  • security
  • orchestration
  • skill-builder
  • clawdbot
  • mcp

Flow

Intelligent Skill Orchestrator for Clawdbot/MCP - compose natural language requests into secure, reusable FLOW skills.

Capabilities

  • Parse natural language build requests
  • Search skill registry for reusable components
  • Security scan all skills before composition
  • Compile multiple skills into unified FLOW
  • Track skill usage for intelligent reuse
  • Dependency resolution with topological sorting

How It Works

  1. Natural Language Input: Describe what you want to build
  2. Intent Parsing: Extract capabilities, tags, and execution steps
  3. Registry Search: Find existing skills that match requirements
  4. Security Scan: Check all components for malicious patterns
  5. Composition: Merge skills into single executable FLOW
  6. Registration: Save new FLOW for future reuse

Usage

Interactive Mode

python flow.py
Flow> Build a web scraper that extracts prices and saves to CSV

CLI Mode

python flow.py "Create an automation that monitors API endpoints"

List Skills

python flow.py --list

Security Features

  • Code execution detection (eval, exec)
  • Data exfiltration pattern matching
  • Crypto mining indicator scanning
  • System modification attempt detection
  • AST-based code analysis
  • Obfuscation detection

Architecture

  • flow.py - Main orchestrator
  • natural_language_parser.py - NLP for user intent
  • skill_registry.py - Reusable skill database
  • skill_scanner_integration.py - Security scanning
  • skill_composer.py - Compiles skills into FLOW

Requirements

  • Python 3.8+
  • No external dependencies for core functionality

Author

@bvinci1-design

Usage Guidance
This package mostly does what it says (parse requests, find skills, scan code, and compose new skills), but take these precautions before installing/running: - Review requirements.txt and install dependencies in an isolated environment (virtualenv/container). The README and SKILL.md disagree about dependencies. - Run Flow in a sandbox or non-sensitive workspace first: by default it will read from ./skills, write composed flows to ./flows, and update ./skill_registry.json. If you have an important registry file, back it up or set registry_path in a config to a different location. - The composer can write/generated Python code and can accept templates — do not point it at untrusted templates or inputs that might cause it to write and later execute malicious code. - The code bundle shows signs of truncation/bugs (incomplete variable names / truncated functions). Expect runtime exceptions; review the full source in your environment before trusting automated composition. - Increase the scanner strictness (set security_level to 'strict') if you plan to auto-compose flows from third-party skills; inspect any skills that the scanner marks as HIGH/CRITICAL before composing. - Because the package author and homepage are unknown, prefer to run it locally in an isolated environment and perform a manual code review on any composed flows before executing them. What would change this assessment: receiving the complete, non-truncated source files (showing fixes), a clear statement of which dependencies are optional, and assurance that composed flows do not automatically execute third-party code (only write code for manual review) would raise confidence and could move the verdict toward benign.
Capability Analysis
Type: OpenClaw Skill Name: flow Version: 0.1.4 The OpenClaw AgentSkills bundle is classified as benign. The core functionality involves an 'Intelligent Skill Orchestrator' that processes natural language requests to compose and execute new skills. Crucially, the `skill_scanner_integration.py` module is designed to actively detect and block malicious patterns such as arbitrary code execution (`eval`, `exec`, `os.system`), data exfiltration, and crypto mining indicators. The `flow.py` orchestrator explicitly checks and blocks skills with critical security issues. The `SKILL.md` instructions and all code files are aligned with the stated purpose of building secure workflows and do not contain any evidence of intentional harmful behavior or prompt injection attempts against the agent. All dependencies listed in `requirements.txt` are legitimate and include several security and code analysis tools, further supporting its defensive posture.
Capability Assessment
Purpose & Capability
The name/description match the provided components: parser, registry, scanner, composer, and a Streamlit UI. However SKILL.md claims "No external dependencies for core functionality" while requirements.txt lists many heavy external packages (streamlit, spacy, bandit, safety, ast-grep, etc.). That mismatch is plausibly a 'core vs optional' distinction but is unexplained and worth verifying.
Instruction Scope
SKILL.md instructs running flow.py or the Streamlit UI which is consistent with the code. The runtime behavior will scan local skill directories, compute file hashes, compose and write new skill Python files, and update a registry file. The instructions do not request secrets or remote endpoints, but the code will read and write files under configurable paths (skills_directory, output_directory, registry_path) and may generate executable code from templates — which could persist arbitrary code on disk if untrusted inputs/templates are used.
Install Mechanism
There is no install spec in the registry (instruction-only), but the bundle includes a requirements.txt listing non-stdlib dependencies. The absence of an install mechanism combined with the presence of dependencies means the user must manually install packages; this is not dangerous per se but creates friction and a potential mismatch between 'no external deps' claims and reality.
Credentials
The skill declares no required environment variables or credentials and the code does not demand secrets to run. The security scanner looks for cloud/storage/API library usage (boto3, s3, etc.) but those are only detection patterns; the skill does not request or store credentials itself. This is proportionate to the stated purpose.
Persistence & Privilege
The skill writes files (composed flows) and updates a local registry JSON by default (auto_update_registry=true). It will create directories and compute hashes of files under the skills directory. It is not force-included (always:false) and does not request elevated platform privileges, but its default behavior includes persistent changes to your project directory and registry — consider changing registry_path/output_directory or disabling auto registry updates before use.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install flow
  3. After installation, invoke the skill by name or use /flow
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.4
- No user-facing changes in this release. - Documentation, functionality, and features remain unchanged from the previous version.
v0.1.3
- Added initial CHANGELOG.md file.
v0.1.2
- Added SKILL metadata fields: name and description at the top of SKILL.md. - No functional or documentation changes beyond updated metadata.
v0.1.1
- No user-facing changes in this release. - Version bump to 0.1.1; documentation and functionality remain unchanged.
v0.1.0
Initial release of flow: intelligent skill orchestrator. - Enables converting natural language requests into secure, reusable workflow skills. - Integrates skill registry search, security scanning, and modular composition. - Supports both interactive and CLI usage for workflow creation. - Detects risky code patterns for enhanced security. - Tracks and registers composed FLOWs for future reuse and intelligent orchestration.
Metadata
Slug flow
Version 0.1.4
License
All-time Installs 6
Active Installs 5
Total Versions 5
Frequently Asked Questions

What is Flow?

Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 2771 downloads so far.

How do I install Flow?

Run "/install flow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Flow free?

Yes, Flow is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Flow support?

Flow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Flow?

It is built and maintained by bvinci1-design (@bvinci1-design); the current version is v0.1.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments