← 返回 Skills 市场
bvinci1-design

Flow

作者 bvinci1-design · GitHub ↗ · v0.1.4
cross-platform ⚠ suspicious
2771
总下载
5
收藏
5
当前安装
5
版本数
在 OpenClaw 中安装
/install flow
功能描述
Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows
使用说明 (SKILL.md)

summary: Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows tags:

  • automation
  • workflow
  • nlp
  • security
  • orchestration
  • skill-builder
  • clawdbot
  • mcp

Flow

Intelligent Skill Orchestrator for Clawdbot/MCP - compose natural language requests into secure, reusable FLOW skills.

Capabilities

  • Parse natural language build requests
  • Search skill registry for reusable components
  • Security scan all skills before composition
  • Compile multiple skills into unified FLOW
  • Track skill usage for intelligent reuse
  • Dependency resolution with topological sorting

How It Works

  1. Natural Language Input: Describe what you want to build
  2. Intent Parsing: Extract capabilities, tags, and execution steps
  3. Registry Search: Find existing skills that match requirements
  4. Security Scan: Check all components for malicious patterns
  5. Composition: Merge skills into single executable FLOW
  6. Registration: Save new FLOW for future reuse

Usage

Interactive Mode

python flow.py
Flow> Build a web scraper that extracts prices and saves to CSV

CLI Mode

python flow.py "Create an automation that monitors API endpoints"

List Skills

python flow.py --list

Security Features

  • Code execution detection (eval, exec)
  • Data exfiltration pattern matching
  • Crypto mining indicator scanning
  • System modification attempt detection
  • AST-based code analysis
  • Obfuscation detection

Architecture

  • flow.py - Main orchestrator
  • natural_language_parser.py - NLP for user intent
  • skill_registry.py - Reusable skill database
  • skill_scanner_integration.py - Security scanning
  • skill_composer.py - Compiles skills into FLOW

Requirements

  • Python 3.8+
  • No external dependencies for core functionality

Author

@bvinci1-design

安全使用建议
This package mostly does what it says (parse requests, find skills, scan code, and compose new skills), but take these precautions before installing/running: - Review requirements.txt and install dependencies in an isolated environment (virtualenv/container). The README and SKILL.md disagree about dependencies. - Run Flow in a sandbox or non-sensitive workspace first: by default it will read from ./skills, write composed flows to ./flows, and update ./skill_registry.json. If you have an important registry file, back it up or set registry_path in a config to a different location. - The composer can write/generated Python code and can accept templates — do not point it at untrusted templates or inputs that might cause it to write and later execute malicious code. - The code bundle shows signs of truncation/bugs (incomplete variable names / truncated functions). Expect runtime exceptions; review the full source in your environment before trusting automated composition. - Increase the scanner strictness (set security_level to 'strict') if you plan to auto-compose flows from third-party skills; inspect any skills that the scanner marks as HIGH/CRITICAL before composing. - Because the package author and homepage are unknown, prefer to run it locally in an isolated environment and perform a manual code review on any composed flows before executing them. What would change this assessment: receiving the complete, non-truncated source files (showing fixes), a clear statement of which dependencies are optional, and assurance that composed flows do not automatically execute third-party code (only write code for manual review) would raise confidence and could move the verdict toward benign.
功能分析
Type: OpenClaw Skill Name: flow Version: 0.1.4 The OpenClaw AgentSkills bundle is classified as benign. The core functionality involves an 'Intelligent Skill Orchestrator' that processes natural language requests to compose and execute new skills. Crucially, the `skill_scanner_integration.py` module is designed to actively detect and block malicious patterns such as arbitrary code execution (`eval`, `exec`, `os.system`), data exfiltration, and crypto mining indicators. The `flow.py` orchestrator explicitly checks and blocks skills with critical security issues. The `SKILL.md` instructions and all code files are aligned with the stated purpose of building secure workflows and do not contain any evidence of intentional harmful behavior or prompt injection attempts against the agent. All dependencies listed in `requirements.txt` are legitimate and include several security and code analysis tools, further supporting its defensive posture.
能力评估
Purpose & Capability
The name/description match the provided components: parser, registry, scanner, composer, and a Streamlit UI. However SKILL.md claims "No external dependencies for core functionality" while requirements.txt lists many heavy external packages (streamlit, spacy, bandit, safety, ast-grep, etc.). That mismatch is plausibly a 'core vs optional' distinction but is unexplained and worth verifying.
Instruction Scope
SKILL.md instructs running flow.py or the Streamlit UI which is consistent with the code. The runtime behavior will scan local skill directories, compute file hashes, compose and write new skill Python files, and update a registry file. The instructions do not request secrets or remote endpoints, but the code will read and write files under configurable paths (skills_directory, output_directory, registry_path) and may generate executable code from templates — which could persist arbitrary code on disk if untrusted inputs/templates are used.
Install Mechanism
There is no install spec in the registry (instruction-only), but the bundle includes a requirements.txt listing non-stdlib dependencies. The absence of an install mechanism combined with the presence of dependencies means the user must manually install packages; this is not dangerous per se but creates friction and a potential mismatch between 'no external deps' claims and reality.
Credentials
The skill declares no required environment variables or credentials and the code does not demand secrets to run. The security scanner looks for cloud/storage/API library usage (boto3, s3, etc.) but those are only detection patterns; the skill does not request or store credentials itself. This is proportionate to the stated purpose.
Persistence & Privilege
The skill writes files (composed flows) and updates a local registry JSON by default (auto_update_registry=true). It will create directories and compute hashes of files under the skills directory. It is not force-included (always:false) and does not request elevated platform privileges, but its default behavior includes persistent changes to your project directory and registry — consider changing registry_path/output_directory or disabling auto registry updates before use.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install flow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /flow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.4
- No user-facing changes in this release. - Documentation, functionality, and features remain unchanged from the previous version.
v0.1.3
- Added initial CHANGELOG.md file.
v0.1.2
- Added SKILL metadata fields: name and description at the top of SKILL.md. - No functional or documentation changes beyond updated metadata.
v0.1.1
- No user-facing changes in this release. - Version bump to 0.1.1; documentation and functionality remain unchanged.
v0.1.0
Initial release of flow: intelligent skill orchestrator. - Enables converting natural language requests into secure, reusable workflow skills. - Integrates skill registry search, security scanning, and modular composition. - Supports both interactive and CLI usage for workflow creation. - Detects risky code patterns for enhanced security. - Tracks and registers composed FLOWs for future reuse and intelligent orchestration.
元数据
Slug flow
版本 0.1.4
许可证
累计安装 6
当前安装数 5
历史版本数 5
常见问题

Flow 是什么?

Intelligent skill orchestrator that compiles natural language requests into secure, reusable workflows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2771 次。

如何安装 Flow?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install flow」即可一键安装,无需额外配置。

Flow 是免费的吗?

是的,Flow 完全免费(开源免费),可自由下载、安装和使用。

Flow 支持哪些平台?

Flow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Flow?

由 bvinci1-design(@bvinci1-design)开发并维护,当前版本 v0.1.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论