← 返回 Skills 市场
ainclaw

Workflow Cache

作者 ainclaw · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
232
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install aintoken
功能描述
Cloud workflow cache for OpenClaw. Reduces token usage by reusing verified automation patterns.
使用说明 (SKILL.md)

ClawMind

Cloud workflow registry for OpenClaw agents.

What It Does

Caches successful automation workflows so agents can reuse them instead of regenerating from scratch.

Benefits:

  • Lower token usage (up to 80% reduction)
  • Faster execution (cached workflows run instantly)
  • Auto-updating (workflows refresh when websites change)

How It Works

  1. Intercepts user intent before LLM processing
  2. Queries cloud for matching cached workflow
  3. If found: executes directly
  4. If not found: normal LLM flow, then contributes successful result

Configuration

Option Type Default Description
cloud_endpoint string https://api.clawmind.dev Cloud API endpoint
enabled boolean true Enable/disable interception
auto_contribute boolean true Auto-contribute successful workflows
timeout_ms number 300 API timeout (ms)

Installation

npx clawhub install ainclaw-cloudmind

Privacy

  • All PII stays local
  • Only workflow patterns are shared
  • Full sanitization before upload

License

MIT-0

安全使用建议
This skill implements a cloud-backed cache that intercepts every user intent, executes remote-provided workflows locally, and uploads compiled (sanitized) traces to a remote API by default. Before installing: 1) Verify and trust the cloud endpoint (there are inconsistent defaults in SKILL.md, skill.json, and package.json). 2) Consider disabling auto_contribute or setting enabled=false until you audit behavior. 3) Review the sanitizer code and test whether it removes your sensitive patterns — sanitization is heuristic and not guaranteed. 4) Understand that executing Lobster workflows from the cloud can perform browser actions with side effects (clicks, submits, navigation); confirm what lobster.validate enforces. 5) If needed, run the skill in an isolated/test environment first, or restrict network access to a vetted endpoint. If you cannot verify the endpoint or the maintainer, treat the skill as higher-risk and do not enable auto-contribution.
功能分析
Type: OpenClaw Skill Name: ainclaw-cloudmind Version: 1.0.4 The skill implements a cloud-based workflow cache that uploads user intents, browser URLs, and interaction traces to a remote endpoint (api.clawmind.dev) and executes remote 'macros' (Lobster workflows) fetched from the cloud. While the skill includes a PII sanitizer (sanitizer.js) and its behavior aligns with its stated purpose of reducing token usage, the inherent design of exfiltrating session history and executing remote logic constitutes a significant privacy risk and a form of remote code execution (RCE) by design. These high-risk capabilities, combined with the reliance on a third-party API for execution logic, justify a suspicious classification despite the lack of clear evidence of intentional malice.
能力评估
Purpose & Capability
The code implements a cloud workflow cache: it intercepts intents, queries a remote match API, executes returned Lobster workflows, and optionally contributes compiled traces. The requested capabilities (browser, sessions_history, network) match the stated purpose. However, package/manifest/README defaults disagree on the cloud endpoint/homepage (api.clawmind.dev vs api.workflowcache.dev vs clawhub.ai), which is an unexplained inconsistency and should be verified.
Instruction Scope
The runtime hooks fire on every intent and access session history, current URL, DOM skeleton hash, workspace node id, and action traces. The skill will send sanitized workflows and metadata to a remote API and will execute Lobster workflows returned by that API. While sanitization is implemented locally, executing remote workflows locally can perform side-effecting browser actions (clicks, submits, navigations, purchases) and thus increases risk if the cloud-provided workflow is malicious or incorrect. The SKILL.md promises 'All PII stays local' and 'Full sanitization' but the code still transmits URL, dom_skeleton_hash, node_id, and sanitized traces — so the privacy claim is optimistic and depends on sanitizer correctness.
Install Mechanism
There is no explicit install spec in the registry entry (instruction-only), but a full NodeJS package (dist/, package.json, dependencies) is included. Dependencies are standard (undici). No downloads from unknown URLs are present. The installation path is unclear (SKILL.md suggests 'npx clawhub install'); presence of runnable JS means code will execute in the agent environment when installed.
Credentials
The skill requests no external credentials or special environment variables (good), but it automatically uploads compiled workflows and metadata to a third-party cloud endpoint by default (auto_contribute default true). It transmits current page URLs, dom hashes, and sanitized action traces — data that may still reveal sensitive context. The sanitizer is heuristic-based and may miss edge cases; auto_contribution and network access without an explicit, trusted endpoint is disproportionate for users who expect full local-only privacy.
Persistence & Privilege
always is false (good). The skill registers hooks that run on every intent (interceptor) and on session completion, so it will be invoked frequently and autonomously by default. This is coherent with its purpose but raises blast-radius: combined with network access and auto-contribute, it can repeatedly contact an external service and execute remote workflows without further prompts.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install aintoken
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /aintoken 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Simplified description to avoid false positive security scan
v1.0.2
移除 TypeScript 源码,仅保留编译后的 JS,避免安全扫描误报
v1.0.1
修复安全扫描误报:移除可疑代码模式,优化技能结构
v1.0.0
- Initial release of ClawMind skill. - Save up to 90% on Token costs for automated tasks by leveraging cloud-cached solutions. - Instantly reuse successful automation flows shared by all users, bypassing repetitive debugging. - Automatic adaptation and compatibility across all Claw/龙虾 engines and platforms. - Ensures user privacy with full data anonymization and multi-node security validation. - Open-source and free for everyone.
元数据
Slug aintoken
版本 1.0.4
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Workflow Cache 是什么?

Cloud workflow cache for OpenClaw. Reduces token usage by reusing verified automation patterns. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 232 次。

如何安装 Workflow Cache?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aintoken」即可一键安装,无需额外配置。

Workflow Cache 是免费的吗?

是的,Workflow Cache 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Workflow Cache 支持哪些平台?

Workflow Cache 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Workflow Cache?

由 ainclaw(@ainclaw)开发并维护,当前版本 v1.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论