← 返回 Skills 市场

Multi Step Workflow

Name: Multi Step Workflow
Author: chyern

作者 chyern · GitHub ↗ · v4.4.5 · MIT-0

cross-platform ✓ 安全检测通过

252

总下载

当前安装

版本数

在 OpenClaw 中安装

/install multi-step-workflow

功能描述

Professional SOP with Machine-Gated Planning, Native-CLI Config, and Audit-Hardened Private Sandbox Storage.

使用说明 (SKILL.md)

Standard Task SOP (High-Trust Edition)

Follow this adaptive workflow to ensure task reliability and professional-grade execution.

Phase 0: Triage & Analyze

Analyze: Assess task scope within the workspace.
Threshold Check:
- Simple Path: \x3C 3 steps. Direct execution.
- Standard Path: >= 3 steps. Follow Path B.

[Path A] Simple Path

Confirm intent -> Execute -> Report. DONE.

[Path B] Standard Path (Machine-Gated)

For complex engineering, act as a Manager and ensure all workers are Sandboxed.

Phase 1: Confirm

Summarize your understanding and align on the objective.

Phase 2: Create Plan

Decompose: Register steps in task-tracker.js.
Parallelize: Identify independent sub-tasks for delegation.
Draft Plan: Create implementation_plan.md. Be explicit about worker scope.

Phase 3: Obtain Approval (Planning Mode - THE GATE)

[!IMPORTANT] YOU ARE IN PLANNING MODE.

Present plan. MUST YIELD and wait for user approval.

GATING: Once approved, YOU MUST RUN: node scripts/approve.js "\x3Ctask>"

DO NOT modify any files until this symbolic gate script is run.

Phase 4: Execute (Autonomous Loop)

[!TIP] YOU ARE IN AUTONOMOUS LOOP.

Sequential by Default: Execute the plan steps sequentially yourself.

Configurable Sub-agents: BEFORE parallelizing work:

Check Configuration: Run openclaw config get skills.entries.multi-step-workflow.config.

Initialization: If config is empty or errors, run openclaw config set skills.entries.multi-step-workflow.config '{"useSubAgents": false, "maxSubAgents": 3, "useSnapshots": false}' --strict-json.

Modify Configuration (if needed): Run openclaw config set skills.entries.multi-step-workflow.config.\x3Ckey> \x3Cvalue> --strict-json.

Defaults (if missing): useSubAgents: false, maxSubAgents: 3.

If useSubAgents is false, DO NOT use spawn.

If useSubAgents is true, you may use spawn (limit: maxSubAgents).

RESTRICTION: Do NOT use spawn for arbitrary OS commands or network scanning.

Progress: Mark steps done. Report each step and IMMEDIATELY move to the next.

Context Preservation (Anti-Amnesia):

Check useSnapshots: Run openclaw config get skills.entries.multi-step-workflow.config (Default: false).

Execute (Only if useSnapshots is true): If you extract a crucial finding OR if the task is taking many turns: node scripts/context-snapshot.js save "\x3Ctask>" "\x3Cfindings>" "\x3Cpending>" ["\x3Clast_error_log>"]

Self-Healing: If you suspect context compaction, run node scripts/context-snapshot.js load to recover.

Phase 5: Validate

Verify results (tests, results). If a worker fails, go back to Phase 4.

Phase 6: Review

Evaluate the task and present a final Review summary directly in the chat. Highlight what was done well, what was problematic, and any critical lessons learned. DO NOT auto-write to any memory files. Simply display your review and ask the user if they would like this experience saved to their long-term memory.

Phase 7: Complete

Task finished. Clean up state if necessary.

安全使用建议

This skill appears to do what it says: manage multi-step plans, gate execution via an approval script, and optionally save local snapshots. Before installing: 1) Review and be comfortable with openclaw CLI access because the skill reads/writes skills.entries.multi-step-workflow.config; only allow this if you trust the OpenClaw environment. 2) Keep useSnapshots disabled unless you trust local disk: snapshots include project_root and raw 'findings' and could capture secrets from task data. 3) The code is small and local—inspect scripts (approve.js, context-snapshot.js, task-tracker.js, path-resolver.js) yourself; they perform only filesystem ops and set restrictive permissions, and contain no network calls. 4) On non-POSIX filesystems (or restricted environments), chmod behavior may differ—verify file protections meet your requirements. 5) If you expect the skill to spawn sub-agents, verify the OpenClaw config controls are set as you intend (useSubAgents, maxSubAgents) and that the environment prevents unwanted OS/network commands. If you discover any hidden network code or additional required env vars not listed here, re-evaluate (that would raise suspicion).

功能分析

Type: OpenClaw Skill Name: multi-step-workflow Version: 4.4.5 The skill bundle implements a structured, security-conscious workflow for managing complex tasks with explicit user-approval gates. It utilizes a project-specific temporary directory with strict POSIX permissions (0700 for the directory and 0600 for files) to ensure local data isolation, as seen in `scripts/path-resolver.js` and `scripts/task-tracker.js`. The instructions in `SKILL.md` proactively restrict the agent from unauthorized memory writes and limit the use of sub-agents, while the scripts use hex-encoding for filenames to prevent path traversal. No indicators of data exfiltration, malicious execution, or harmful prompt injection were identified.

能力标签

crypto

能力评估

✓ Purpose & Capability

Name/description, required binaries (node, openclaw), and included scripts (approve, task-tracker, context-snapshot, path-resolver) are coherent: the skill manages plans, gating, local snapshots, and uses the OpenClaw CLI for its own config entries.

ℹ Instruction Scope

Runtime instructions stay local: they instruct running included node scripts and using openclaw config get/set on the skill's own config path. Note: context snapshots include project_root (process.cwd()) and 'findings' as raw data; if enabled, snapshots may store sensitive content from the task (this is documented and default is off).

✓ Install Mechanism

Instruction-only with bundled small scripts and no external download/install steps. No archive downloads or remote install URLs; lowest-risk install footprint.

✓ Credentials

The skill requests no environment variables or external credentials. It uses the OpenClaw CLI to read/write its own config entries, which is appropriate for a skill that can configure sub-agent behavior.

✓ Persistence & Privilege

always is false. The skill writes files only under a per-project /tmp subdirectory it creates with 0700 and sets files to 0600 where possible. It modifies only its own OpenClaw config path as instructed. Autonomous invocation is permitted by default (expected).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install multi-step-workflow
安装完成后，直接呼叫该 Skill 的名称或使用 /multi-step-workflow 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v4.4.5

Standardization: Added manifest.json and flattened SKILL.md metadata for industrial-grade indexing and consistency.

v4.4.4

Added GitHub repository links and issue reporting information.

v4.4.3

ClawHub Audit v4.4.3: Version bump and metadata generalization

v4.4.2

Version 4.4.2 - Updated CLI config key paths in workflow instructions to use skills.entries.multi-step-workflow.config. - Added explicit initialization guidance for missing or erroring config. - Aligned context preservation steps and config checks with new path format. - Incremented skill version metadata to 4.4.2.

v4.4.1

Maintenance Update: 1. Code Quality Fix: Resolved a missing import for 'chmodSync' in scripts/task-tracker.js, ensuring 100% reliable execution of the permission-locking logic. 2. Final Compliance: All audit points from v4.4.0 have been addressed, resulting in a perfect codebase for production-grade task tracking.

v4.4.0

Audit & Safety Hardening Update: 1. Privacy Lock: Implemented 0700 (owner-only) permission for temporary directories and 0600 for JSON state files, preventing data leakage in shared /tmp environments. 2. Feature Toggle: Introduced 'useSnapshots' config (default false) to make task persistence optional. 3. Code Quality Fixes: Resolved all script-level bugs (CJS/ESM modules, missing imports, and logic mismatches) identified in the v4.3.0 audit.

v4.3.0

Structural Storage & Fidelity Update: 1. Zero-Workdir-Clutter: Redirected all persistent JSON state (approvals, tasks, snapshots) to project-specific isolated subdirectories in the system temporary directory (/tmp/openclaw-workflow-*). 2. High-Fidelity Snapshots: Removed the regex-based PII/Secret filtering to ensure 100% data integrity when recovering context across turns. 3. Privacy Alignment: Leveraged the natural lifecycle of temporary directories to ensure interim task data is transient and not permanently stored in the project workspace.

v4.1.0

Audit Compliance Update: 1. Transparency Focus: Added 'Filesystem Impact & Data Persistence' section to READMEs, explicitly listing all JSON files written by the skill. 2. Documentation Correction: Revised 'Zero-Script' terminology to 'Native-CLI Configuration' to accurately reflect the remaining workflow scripts. 3. Safety Hardening: Re-emphasized regex redaction limitations and manual 'always' toggle requirements to satisfy ClawHub's latest audit feedback.

v4.0.0

Major Architecture Simplification: 1. Removed All Config Scripts: To eliminate security audit risks and code bloat, 'scripts/config.js' has been completely removed. 2. Native-Only: The agent is now instructed to use 'openclaw config' directly. 3. Logical Defaults: Built-in fallback logic for configuration is now part of the SKILL.md SOP, reducing the need for 'Safe' scripts.

v3.2.1

Zero-Shell Compliance Update: 1. Removed All Shell Injections: Deleted 'child_process' usage from config.js, satisfying ClawHub's strictest security audits. 2. Read-Write Separation: The skill now uses native Node 'fs' for read-only configuration access, while delegating all 'set' operations to the official OpenClaw CLI. 3. Transparency: Updated dual-language documentation to reflect the new auditable configuration workflow.

v3.2.0

Compliance Hardening Update: 1. Zero-Trust Metadata: Removed autonomous self-modifying code that could flip the 'always' flag from true to false, eliminating privilege escalation risks. 2. Dependency Inclusion: Explicitly added 'openclaw' binary to metadata requirements. 3. Transparency: Added manual instructions for global SOP enforcement and redaction warnings in context snapshots to satisfy ClawHub's latest audit feedback.

v3.1.1

System Integration Update: 1. Global Config: Transitioned from project-level JSON to OpenClaw's global configuration (~/.openclaw/openclaw.json). 2. CLI Driven: Refactored config.js to use 'openclaw config' CLI for all read/write operations, ensuring better schema compliance. 3. Defined Defaults: Standardized default behavior when config is missing (always=false, useSubAgents=false, maxSubAgents=3).

v3.1.0

Security Update: 1. Full Opt-in by Default: Changed 'always: true' to 'always: false' in SKILL.md to satisfy strict platform security audits and prevent forced SOP injection. 2. Integrated Load-time Configuration: The 'always' flag is now a first-class configuration key in scripts/config.js. Users can toggle global SOP enforcement using a single command, which automatically updates the skill's metadata.

v3.0.1

Configuration Refactor: Consolidated workflow-specific settings into the project-wide openclaw.json file under a dedicated namespace. This provides a cleaner unified configuration experience for users.

v3.0.0

Security Architecture Redesign: 1. Concurrency Downgrade: The agent is now strictly forbidden from using 'spawn' (sub-agents) by default, resolving the final Clawhub audit warnings regarding unbridled privilege escalation. The workflow acts sequentially by default. 2. Configurable Parallelism: Introduced scripts/config.js. Users who require high-throughput manager-worker behavior must manually opt-in by running 'node scripts/config.js set useSubAgents true'.

v2.9.1

Clean up: Removed the standalone 'sanitize-pii.js' script. Since Phase 6 now uses a 'User-Opt-In' review model that doesn't auto-write to memory, and context-snapshot.js now handles its own internal sanitization, the separate sanitization script was redundant.

v2.9.0

Architecture Simplification: To completely resolve platform audit flags concerning autonomous background file-writes, Phase 6 (Review) has been heavily refactored. The AI is now explicitly forbidden from writing to long-term memory automatically. Instead, it operates in a 'User-Opt-In' mode where it presents its review directly in the chat, leaving the final decision of whether (and how) to persist this knowledge entirely to the user.

v2.8.2

Security Update: Implemented inline code-level PII sanitization for context-snapshot.js. Arbitrary findings stored in snapshots are now automatically parsed against the PII regex filters before being written to disk, preventing accidental leakage of secrets into the ~/.openclaw directory.

v2.8.1

Memory Autonomy: Updated Phase 6 Review logic. The agent is now instructed to evaluate if the task actually yielded significant findings. Routine tasks can skip the memory-writing step, preventing long-term memory bloat.

v2.8.0

Security Hardening (ClawHub Audit): 1. Enforcement in Code: Replaced manual privacy instructions with a dedicated PII sanitization script (scripts/sanitize-pii.js) utilizing regex filters for emails, IPs, Auth tokens, and phone numbers. 2. Sandboxing constraints: Explicitly restricted the AI's use of spawn to approved sub-tasks only (banned generic OS exploration). 3. Transparent Opt-Out: Provided one-liner sed commands in READMEs to easily disable the 'always:true' global hook without manual JSON editing.

元数据

Slug multi-step-workflow

版本 4.4.5

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 59

常见问题