Total downloads: 242
Favorites: 0
Current installs: 0
Versions: 4
Install in OpenClaw
/install openclaw-workflow
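Description
OC-Flow: give your OpenClaw a "deterministic" soul. OC-Flow is fully embedded in the OpenClaw ecosystem and gives the Agent complete flow-control capabilities: conditional branching, loop iteration, precise waits, and state management. YAML playbooks implement tasks with fixed flows, multi-step loops, and strict logic. Use cases: finance and office work, development and operations, personal assistant.
Security usage recommendations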
This skill is a full-featured workflow engine that will run arbitrary shell commands and inline Python from YAML, perform HTTP requests, send messages to external targets, and interact with your OpenClaw Gateway/sessions files. Before installing:
- Confirm you have (and want the skill to use) the OpenClaw CLI/gateway and that your ~/.openclaw/openclaw.json is accessible; the code expects to read that file but the skill metadata does not declare this requirement.
- Inspect scripts/engine/sandbox.py and engine/nodes.py to verify how 'code' nodes are sandboxed — inline Python may be able to access files/network unless properly restricted.
- Be aware workflows can include script nodes that run arbitrary shell commands and HTTP nodes that can exfiltrate data; only run workflows from trusted sources and consider running the skill in an isolated environment or container.
- If you rely on other OpenClaw sessions or skills, note the bridge manipulates sessions and factory child sessions; review cleanup behavior to ensure it won't affect unrelated sessions.
- Ideally the publisher should update metadata to declare dependence on the 'openclaw' CLI and the ~/.openclaw config paths, and clarify dashboard scanning behavior. If you need higher assurance, ask the maintainer to document sandbox guarantees and to limit undocumented access to OpenClaw configs.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-workflow
Version: 1.0.3
The OpenClaw Workflow engine provides extensive automation capabilities but contains significant security vulnerabilities that could be exploited. The 'sandbox' implementation in `scripts/engine/sandbox.py` is highly insecure, as it explicitly includes the `open` builtin and the `pathlib` module in its whitelist, allowing arbitrary file system read/write access. Furthermore, the `script` node in `scripts/engine/nodes.py` executes shell commands using `subprocess.run(shell=True)` on strings resolved from workflow templates, which facilitates Remote Code Execution (RCE). While these features are aligned with the tool's purpose as an orchestration engine, the lack of robust execution boundaries and input sanitization makes the bundle a high-risk component if untrusted workflows are processed.
Capability assessment
Purpose & Capability
The skill claims to be a deterministic workflow engine and the included code implements engine/bridge/dashboard functionality, which is consistent. However the bridge relies on calling the OpenClaw gateway CLI and reading OpenClaw config files (~/.openclaw/openclaw.json and sessions index) while the declared requirements only list python3 and 'Required config paths' is empty. The skill should have declared that it expects an 'openclaw' CLI/gateway and access to the user's OpenClaw config directory; omission is an incoherence.
Instruction Scope
Runtime instructions and code allow executing arbitrary shell commands (script nodes), inline Python (code nodes), HTTP requests, sending messages (channels/targets), and spawning subagents. These are expected features for a workflow engine, but they give the skill the ability to read environment variables, access files under ~/.openclaw, call external endpoints, and execute arbitrary commands supplied in YAML. The SKILL.md states the dashboard will 'not recursively read the entire workspace' but the dashboard code recursively rglob() under the workflows directory — a minor mismatch but indicative of documentation/code drift.
Install Mechanism
No install spec is present (instruction-only style), so nothing is automatically downloaded or installed by the registry. Dependencies are managed via a requirements.txt and the README suggests pip install -r scripts/requirements.txt; that is a moderate, expected pattern for Python projects.
Credentials
Declared requirements list no env vars or config paths, but the code (bridge.py) reads ~/.openclaw/openclaw.json (possibly containing gateway token/port) and accesses session index files. The engine also exposes template interpolation of {{env.VAR}}. The skill therefore expects access to OpenClaw configuration and local file paths without declaring them — an undeclared sensitive access pattern.
Persistence & Privilege
always:false (good). The skill writes/reads workflows and run history (WORKFLOW_DIR / RUNS_DIR) and manages session keys and factory sessions. It may create and later clean up session artifacts via the gateway CLI. That is within the scope of a workflow engine, but because it interacts with shared OpenClaw sessions and can invoke gateway actions, users should consider the blast radius if the skill is later invoked autonomously.
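How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-workflow
- After installation, call the Skill by name or use /openclaw-workflow to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history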
v1.0.3
Updated the description to Chinese marketing copy
v1.0.2
License: CC BY-NC 4.0 (Non-Commercial)
v1.0.1
Update license to MIT-0
v1.0.0
Initial release: Deterministic YAML workflow engine with subagent parallel execution
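FAQ
What is Openclaw Workflow Publish?
OC-Flow: give your OpenClaw a "deterministic" soul. OC-Flow is fully embedded in the OpenClaw ecosystem and gives the Agent complete flow-control capabilities: conditional branching, loop iteration, precise waits, and state management. YAML playbooks implement tasks with fixed flows, multi-step loops, and strict logic. Use cases: finance and office work, development and operations, personal assistant. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 242 cumulative downloads so far.
How do I install Openclaw Workflow Publish?
Run the command "/install openclaw-workflow" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Openclaw Workflow Publish free?
Yes, Openclaw Workflow Publish is completely free, uses the MIT-0 license, and can be freely downloaded, installed, and used.
Which platforms does Openclaw Workflow Publish support?
Openclaw Workflow Publish is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Openclaw Workflow Publish?
It is developed and maintained by 铲屎将军 (@wlmh110); the current version is v1.0.3.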