← 返回 Skills 市场
989
总下载
1
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install mcp-workflow
功能描述
Workflow automation using MCP (Model Context Protocol) patterns inspired by Jason Zhou
安全使用建议
Before installing or running this skill:
- Expect to need Node.js and the jq CLI (the scripts call node and jq, but the registry metadata does not declare them).
- Review the two included scripts (scripts/mcp-server.js and scripts/workflow-engine.sh) yourself — they read and write files and will read any path given via file:// URIs. Do not run them against sensitive directories or as root.
- The server can return arbitrary local files (file://{path}) to workflows; if you run the skill inside an agent with access to your home or project files, workflows or templates could leak data. Consider running inside a sandbox/container with limited filesystem scope.
- The SKILL.md mentions config:// and an OpenClaw config at ~/.openclaw/mcp-workflow.json, but the server code does not implement config:// reads nor automatically load that path — verify configuration behavior matches your expectations before relying on it.
- If you need integrations (email, Notion, Git providers) verify whether those are actually implemented or whether templates merely reference them. Don’t provide credentials unless you confirm the code will use them only for the intended integrations.
- If you’re unsure, run the code in an isolated environment, or ask the skill author for clarification about required binaries, which resource types are implemented, and where the skill will read/write data.
功能分析
Type: OpenClaw Skill
Name: mcp-workflow
Version: 1.0.0
The skill is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in `scripts/mcp-server.js`. The `ReadResourceRequestSchema` handler for `file://` URIs directly uses the path provided in the URI without any path sanitization, allowing an attacker or compromised agent to read arbitrary files on the filesystem (e.g., `file:///etc/passwd`). While the skill's workflow execution is currently mocked, this LFI vulnerability presents a significant risk for data exfiltration.
能力评估
Purpose & Capability
The skill claims to provide MCP workflow automation (prompt chains, resource embedding, cross-server orchestration) and the included server/script files implement those capabilities. However there are incoherences: SKILL.md and templates reference integrations (e.g., 'config://', 'notion', 'email', 'git://', 'github://', 'linear://') that the server and shell script do not fully implement, and the metadata declares no required binaries even though the runtime clearly needs node and jq. These gaps make it unclear which features are actually supported and why certain resource types are listed.
Instruction Scope
Runtime instructions tell the agent/user to run node scripts/mcp-server.js and the shell workflow engine. The server implements memory://, template:// and file:// resources and the shell script reads and writes local files and a .mcp workspace. The server's file:// handler reads arbitrary file paths without sanitization, meaning workflows or prompts that reference file:// can access any file the agent process can read — this is coherent with 'resource embedding' but is high-risk in practice. Also SKILL.md lists config:// resources and describes config at ~/.openclaw/mcp-workflow.json, but the server's ReadResource handler does not implement config:// reading and the server does not read the ~/.openclaw config as described — a direct mismatch between instructions and code.
Install Mechanism
There is no external install spec or network download; the skill is instruction-plus-local-scripts only. No remote archives or installers are fetched by the skill itself, which reduces supply-chain risk. However the code depends on local runtime binaries (node, jq) that are not declared in the registry metadata.
Credentials
The registry lists no required environment variables, but the code reads environment variables (e.g., process.env.WORKFLOWS_DIR and the shell script respects MCP_DIR). The shell script and server will read and write files on disk (templates, workflows, .mcp, .mcp-memory.json), but those file-access patterns are not called out in the registry metadata. The skill does not request cloud credentials, which is appropriate, but the lack of declared runtime requirements (node, jq, file-path access) is an unexplained omission.
Persistence & Privilege
always:false (good). The skill writes local state (memory files like .mcp/.workflow-memory.json and templates/workflows in the working directory) and creates an MCP workspace when initialized. It does not request system-wide configuration changes or claim elevated privileges, but it will persist data to disk within the user's project or current directory and can read arbitrary files via file:// URIs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mcp-workflow - 安装完成后,直接呼叫该 Skill 的名称或使用
/mcp-workflow触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: MCP workflow automation with prompt chains, resource templates, and multi-step orchestration inspired by Jason Zhou
元数据
常见问题
MCP Workflow 是什么?
Workflow automation using MCP (Model Context Protocol) patterns inspired by Jason Zhou. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 989 次。
如何安装 MCP Workflow?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mcp-workflow」即可一键安装,无需额外配置。
MCP Workflow 是免费的吗?
是的,MCP Workflow 完全免费(开源免费),可自由下载、安装和使用。
MCP Workflow 支持哪些平台?
MCP Workflow 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MCP Workflow?
由 slemo54(@slemo54)开发并维护,当前版本 v1.0.0。
推荐 Skills