← 返回 Skills 市场
0xtommythomas-dev

SoulFlow — Agent Teams Workflow Skill

作者 0xtommythomas-dev · GitHub ↗ · v1.1.2
cross-platform ⚠ suspicious
948
总下载
0
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install soulflow
功能描述
General-purpose AI workflow framework for OpenClaw. Build custom multi-step workflows for any task — dev, ops, research, content, or automation. Ships with dev workflow examples.
安全使用建议
This skill is functionally coherent but requests powerful, persistent privileges. Before installing or running it: 1) Review the code (especially lib/runner.js and lib/gateway.js) and any workflows you will run. 2) Backup ~/.openclaw/openclaw.json and inspect authProfiles; consider removing sensitive authProfiles or creating a limited account for testing. 3) Be cautious: the worker inherits other agents' authProfiles and can access external services (GitHub, cloud). 4) Prefer running in an isolated/test OpenClaw instance or sandboxed user account first. 5) Only run workflows you (or trusted collaborators) author; inspect any third-party .workflow.json before execution. If you cannot inspect code or do not trust the author, avoid installing this skill.
功能分析
Type: OpenClaw Skill Name: soulflow Version: 1.1.2 The skill is classified as suspicious due to its extremely broad permissions and capabilities, which, while explicitly declared, present a significant attack surface. The `SKILL.md` and `README.md` clearly state that the skill creates a `soulflow-worker` agent with 'full tool access' (read, write, edit, exec, browser) and 'inherits authProfiles' (credentials) from existing agents. Workflows, such as `security-audit.workflow.json` and `deploy-pipeline.workflow.json`, directly instruct the worker agent to use `exec` for arbitrary command execution. While the documentation transparently warns users about these risks and the need to trust the skill author and custom workflows, the inherent power to perform RCE, access credentials, and modify the system (via `config.patch` in `lib/runner.js` to create agents) elevates it beyond benign, even without clear evidence of intentional malicious self-exploitation by the author.
能力评估
Purpose & Capability
The declared purpose — running multi-step workflows that read/edit files and run commands — aligns with most requested capabilities (node binary, access to OpenClaw config, ability to create a worker agent and use the gateway). Creating a dedicated worker agent and using WebSocket gateway calls is coherent for this functionality. However, copying authProfiles from existing agents into the new worker and granting it a 'full' tools profile is a high-privilege design choice that goes beyond minimal capability needed in many cases.
Instruction Scope
SKILL.md and the code instruct the agent to read ~/.openclaw/openclaw.json (to obtain gateway auth token), call config.get/config.patch on the gateway, create/modify agents, and write files under ~/.openclaw (agent soul, state, workspace). That is within the engine's purpose but broad: the runner intentionally extracts gateway tokens and copies authProfiles into the worker (granting the worker access to external services such as GitHub/cloud). The NL handler spawns child processes, and steps are explicitly told to USE TOOLS (read/edit/exec/browser), meaning workflows can read and modify arbitrary project files and run commands.
Install Mechanism
There is no remote download/install step: the package is self-contained Node.js code (zero external dependencies). Nothing is pulled from shorteners or untrusted URLs at install time. This reduces supply-chain risk compared to skills that download archives or install third-party packages.
Credentials
No environment variables are declared, but the code reads ~/.openclaw/openclaw.json to extract gateway.auth.token and then uses that token to authenticate with the local gateway. The worker agent creation copies authProfiles from existing agents into the new worker, effectively granting it any external service credentials already configured. Reading and reusing those credentials is a powerful capability and not strictly minimal for all workflow uses.
Persistence & Privilege
The skill creates a persistent agent (soulflow-worker) by patching the gateway config and writing agent files under ~/.openclaw/agents/. That modifies system-wide/OpenClaw-wide configuration and can persist long-term with full tool access (read/write/edit/exec/browser). While 'always' is false, the skill still requests durable, high-privilege presence and can inherit other agents' credentials — increasing blast radius if abused.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install soulflow
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /soulflow 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.2
soulflow 1.1.2 - Updated permissions metadata to explicitly list required file access, including read/write to `~/.openclaw/openclaw.json` and workspace directories. - Clarified that the `soulflow-worker` agent inherits `authProfiles` from existing agents, granting access to external services (e.g., GitHub, cloud providers). - Strengthened security notes: worker agent inherits credentials; operations require local permissions; installation is recommended only if you trust the skill author. - No changes to functionality or workflow handling; documentation updates to reflect security and permission details.
v1.1.1
SoulFlow 1.1.1 - Added LICENSE file for open source licensing and legal clarity. - Updated project metadata to specify permissions needed (config read, gateway modify, agent creation, filesystem write) and included a security note on agent privileges. - Updated homepage URL in metadata. - Enhanced documentation with new “Security & Permissions” section explaining agent capabilities and operational privileges.
v1.1.0
Initial release v1.1.0 Features: - General-purpose workflow framework for multi-step AI tasks - Zero dependencies (pure Node.js 22) - Auto-notifications when workflows complete - 6 example workflows (dev, ops, content) - Natural language invocation - Interactive workflow builder
元数据
Slug soulflow
版本 1.1.2
许可证
累计安装 3
当前安装数 2
历史版本数 3
常见问题

SoulFlow — Agent Teams Workflow Skill 是什么?

General-purpose AI workflow framework for OpenClaw. Build custom multi-step workflows for any task — dev, ops, research, content, or automation. Ships with dev workflow examples. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 948 次。

如何安装 SoulFlow — Agent Teams Workflow Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install soulflow」即可一键安装,无需额外配置。

SoulFlow — Agent Teams Workflow Skill 是免费的吗?

是的,SoulFlow — Agent Teams Workflow Skill 完全免费(开源免费),可自由下载、安装和使用。

SoulFlow — Agent Teams Workflow Skill 支持哪些平台?

SoulFlow — Agent Teams Workflow Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SoulFlow — Agent Teams Workflow Skill?

由 0xtommythomas-dev(@0xtommythomas-dev)开发并维护,当前版本 v1.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论