← 返回 Skills 市场
Workflow Engine
作者
Pedro Gonzalez
· GitHub ↗
· v1.0.0
1246
总下载
0
收藏
13
当前安装
1
版本数
在 OpenClaw 中安装
/install workflow-engine
功能描述
Structural parity skeleton for queue-driven orchestration in a workflow context.
安全使用建议
This is an instruction-only skeleton that reads/writes local 'ops' and queue files and otherwise behaves as a deterministic orchestrator. Things to consider before installing or running anything: 1) The package contains no install scripts or hook definitions, yet the README tells you to run './install-hooks.sh' and 'openclaw hooks enable' — do not run unknown install scripts; obtain and inspect them first. 2) Enabling hooks modifies agent-wide behavior; only enable them if you trust the source and understand what each hook does. 3) Review any local ops/queue files for secrets before letting the skill read them, and consider running in an isolated/test agent to observe effects. 4) If you need more assurance, ask the publisher for the missing install artifacts, source repository, or a signed release before enabling hooks in production.
功能分析
Type: OpenClaw Skill
Name: workflow-engine
Version: 1.0.0
The skill is classified as suspicious primarily due to the `allowed-tools: Bash` permission and the 'Installation' section in `SKILL.md`. This section instructs the AI agent to execute an external script `./install-hooks.sh` (which is not provided for analysis) and to enable OpenClaw hooks. The execution of an unknown script via `Bash` introduces a significant supply chain vulnerability, as its contents could be malicious. While the 'Safety Constraints' section attempts to mitigate shell injection risks, the underlying capability for `Bash` execution and the instruction to run an unverified script raise a strong suspicion of potential misuse or vulnerability.
能力评估
Purpose & Capability
Name and description match the instructions: this is a skeleton workflow/queue orchestrator that reads/writes local queue and ops files. However, the SKILL.md includes installation steps (./install-hooks.sh, openclaw hooks enable) that imply additional artifacts or system changes that are not present in the package. That mismatch is noteworthy but could be legitimate if install artifacts are distributed separately.
Instruction Scope
Runtime instructions direct the agent to read and persist local files (ops/*, ops/queue/*) which is consistent with a queue orchestrator. But the SKILL.md also instructs running an install script and invoking openclaw hooks enable commands that will modify agent hooks/configuration; those steps are outside the normal read/operate-on-queue scope and could change agent behaviour. The skill permits use of Bash as an allowed tool while also claiming 'Never: execute arbitrary shell from user-provided strings' — that is a useful safety constraint but still leaves room for shell actions. The skill itself does not include the install script or hook definitions to audit.
Install Mechanism
There is no formal install spec (lowest install risk). However, the SKILL.md provides manual install instructions that reference './install-hooks.sh' and 'openclaw hooks enable'—neither file nor script is included. The absence of provided install artifacts means a user would need to obtain or run external scripts whose contents are unknown.
Credentials
The skill declares no required environment variables, binaries, or config paths. The requested scope of access (reading ops/ and queue files) is proportional to the stated purpose.
Persistence & Privilege
The skill does not force persistent inclusion (always:false), which is good. But its installation guidance explicitly tells operators to enable hooks via 'openclaw hooks enable', which would modify agent-level hook configuration (i.e., system/other-skills behavior). Instructions that change hook configuration are a persistence/privilege concern because they alter agent behavior beyond the skill's own runtime, and the skill package doesn't include the artifacts to inspect before making those changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install workflow-engine - 安装完成后,直接呼叫该 Skill 的名称或使用
/workflow-engine触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: derivation pipeline, queue state machine, runtime loader, real OpenClaw hooks (session-orient, write-validate, session-capture), hook config generation, auto-install script
元数据
常见问题
Workflow Engine 是什么?
Structural parity skeleton for queue-driven orchestration in a workflow context. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1246 次。
如何安装 Workflow Engine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install workflow-engine」即可一键安装,无需额外配置。
Workflow Engine 是免费的吗?
是的,Workflow Engine 完全免费(开源免费),可自由下载、安装和使用。
Workflow Engine 支持哪些平台?
Workflow Engine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Workflow Engine?
由 Pedro Gonzalez(@plgonzalezrx8)开发并维护,当前版本 v1.0.0。
推荐 Skills