← Back to Skills Marketplace

SoulFlow — Agent Teams Workflow Skill

Name: SoulFlow — Agent Teams Workflow Skill
Author: 0xtommythomas-dev

by 0xtommythomas-dev · GitHub ↗ · v1.1.2

cross-platform ⚠ suspicious

948

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install soulflow

Description

General-purpose AI workflow framework for OpenClaw. Build custom multi-step workflows for any task — dev, ops, research, content, or automation. Ships with dev workflow examples.

Usage Guidance

This skill is functionally coherent but requests powerful, persistent privileges. Before installing or running it: 1) Review the code (especially lib/runner.js and lib/gateway.js) and any workflows you will run. 2) Backup ~/.openclaw/openclaw.json and inspect authProfiles; consider removing sensitive authProfiles or creating a limited account for testing. 3) Be cautious: the worker inherits other agents' authProfiles and can access external services (GitHub, cloud). 4) Prefer running in an isolated/test OpenClaw instance or sandboxed user account first. 5) Only run workflows you (or trusted collaborators) author; inspect any third-party .workflow.json before execution. If you cannot inspect code or do not trust the author, avoid installing this skill.

Capability Analysis

Type: OpenClaw Skill Name: soulflow Version: 1.1.2 The skill is classified as suspicious due to its extremely broad permissions and capabilities, which, while explicitly declared, present a significant attack surface. The `SKILL.md` and `README.md` clearly state that the skill creates a `soulflow-worker` agent with 'full tool access' (read, write, edit, exec, browser) and 'inherits authProfiles' (credentials) from existing agents. Workflows, such as `security-audit.workflow.json` and `deploy-pipeline.workflow.json`, directly instruct the worker agent to use `exec` for arbitrary command execution. While the documentation transparently warns users about these risks and the need to trust the skill author and custom workflows, the inherent power to perform RCE, access credentials, and modify the system (via `config.patch` in `lib/runner.js` to create agents) elevates it beyond benign, even without clear evidence of intentional malicious self-exploitation by the author.

Capability Assessment

ℹ Purpose & Capability

The declared purpose — running multi-step workflows that read/edit files and run commands — aligns with most requested capabilities (node binary, access to OpenClaw config, ability to create a worker agent and use the gateway). Creating a dedicated worker agent and using WebSocket gateway calls is coherent for this functionality. However, copying authProfiles from existing agents into the new worker and granting it a 'full' tools profile is a high-privilege design choice that goes beyond minimal capability needed in many cases.

⚠ Instruction Scope

SKILL.md and the code instruct the agent to read ~/.openclaw/openclaw.json (to obtain gateway auth token), call config.get/config.patch on the gateway, create/modify agents, and write files under ~/.openclaw (agent soul, state, workspace). That is within the engine's purpose but broad: the runner intentionally extracts gateway tokens and copies authProfiles into the worker (granting the worker access to external services such as GitHub/cloud). The NL handler spawns child processes, and steps are explicitly told to USE TOOLS (read/edit/exec/browser), meaning workflows can read and modify arbitrary project files and run commands.

✓ Install Mechanism

There is no remote download/install step: the package is self-contained Node.js code (zero external dependencies). Nothing is pulled from shorteners or untrusted URLs at install time. This reduces supply-chain risk compared to skills that download archives or install third-party packages.

⚠ Credentials

No environment variables are declared, but the code reads ~/.openclaw/openclaw.json to extract gateway.auth.token and then uses that token to authenticate with the local gateway. The worker agent creation copies authProfiles from existing agents into the new worker, effectively granting it any external service credentials already configured. Reading and reusing those credentials is a powerful capability and not strictly minimal for all workflow uses.

⚠ Persistence & Privilege

The skill creates a persistent agent (soulflow-worker) by patching the gateway config and writing agent files under ~/.openclaw/agents/. That modifies system-wide/OpenClaw-wide configuration and can persist long-term with full tool access (read/write/edit/exec/browser). While 'always' is false, the skill still requests durable, high-privilege presence and can inherit other agents' credentials — increasing blast radius if abused.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install soulflow
After installation, invoke the skill by name or use /soulflow
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.2

soulflow 1.1.2 - Updated permissions metadata to explicitly list required file access, including read/write to `~/.openclaw/openclaw.json` and workspace directories. - Clarified that the `soulflow-worker` agent inherits `authProfiles` from existing agents, granting access to external services (e.g., GitHub, cloud providers). - Strengthened security notes: worker agent inherits credentials; operations require local permissions; installation is recommended only if you trust the skill author. - No changes to functionality or workflow handling; documentation updates to reflect security and permission details.

v1.1.1

SoulFlow 1.1.1 - Added LICENSE file for open source licensing and legal clarity. - Updated project metadata to specify permissions needed (config read, gateway modify, agent creation, filesystem write) and included a security note on agent privileges. - Updated homepage URL in metadata. - Enhanced documentation with new “Security & Permissions” section explaining agent capabilities and operational privileges.

v1.1.0

Initial release v1.1.0 Features: - General-purpose workflow framework for multi-step AI tasks - Zero dependencies (pure Node.js 22) - Auto-notifications when workflows complete - 6 example workflows (dev, ops, content) - Natural language invocation - Interactive workflow builder

Metadata

Slug soulflow

Version 1.1.2

License —

All-time Installs 3

Active Installs 2

Total Versions 3

Frequently Asked Questions

What is SoulFlow — Agent Teams Workflow Skill?

General-purpose AI workflow framework for OpenClaw. Build custom multi-step workflows for any task — dev, ops, research, content, or automation. Ships with dev workflow examples. It is an AI Agent Skill for Claude Code / OpenClaw, with 948 downloads so far.

How do I install SoulFlow — Agent Teams Workflow Skill?

Run "/install soulflow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SoulFlow — Agent Teams Workflow Skill free?

Yes, SoulFlow — Agent Teams Workflow Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does SoulFlow — Agent Teams Workflow Skill support?

SoulFlow — Agent Teams Workflow Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SoulFlow — Agent Teams Workflow Skill?

It is built and maintained by 0xtommythomas-dev (@0xtommythomas-dev); the current version is v1.1.2.

More Skills