← 返回 Skills 市场
Workflow Runner
作者
yufengwolf
· GitHub ↗
· v1.0.0
· MIT-0
279
总下载
0
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install workflow-runner
功能描述
Automate end-to-end code implementation and testing with persistent coding and testing subagents, iterating until tests pass and committing results locally.
安全使用建议
This skill is a proof-of-concept that mostly does what it says, but there are gaps and some risky choices you should consider before installing:
- Sensitive on-disk session data: session-store.js writes session metadata (including sessionKey-like strings) to skills/workflow-runner/session-store.json. Those session identifiers can be sensitive — treat the file as credentials and audit/remove any real session tokens before using the skill.
- Undeclared runtime dependencies: testing_worker.sh uses jq and the scripts use tar and standard shell utilities. The skill metadata lists no required binaries; ensure jq/tar are available or update the scripts/metadata. If jq is not present, tests may fail in ways that could be confusing.
- Placeholder behavior: orchestrator.js only prints payloads for sessions_spawn and does not perform real API calls; no script actually performs the advertised local git commit. If you expect full automation, you or a reviewer must implement the platform-specific calls and the commit step and re-audit them.
- Local artifacts and permissions: the skill writes to results/ and /tmp; run it in a dedicated workspace and ensure file permissions are appropriate.
- Best practices: run this skill only in an isolated/dev environment, inspect and sanitize session-store.json (remove hardcoded sessionKeys), add declared dependencies, and implement/inspect any code that will call platform session APIs before granting it access to live session credentials. If you are uncomfortable with persistent session tokens on disk, do not install or disable persistence and manual-manage sessions instead.
功能分析
Type: OpenClaw Skill
Name: workflow-runner
Version: 1.0.0
The workflow-runner skill is a framework for orchestrating multi-agent development tasks, such as code generation and automated testing. The included scripts (e.g., orchestrator.js, coding_worker.sh, and testing_worker.sh) provide functional templates for managing subagent sessions, creating artifacts, and reporting results. While the skill involves high-privilege operations like spawning subagents and executing generated code, these actions are clearly aligned with the stated purpose and lack any indicators of malicious intent, data exfiltration, or obfuscation.
能力评估
Purpose & Capability
The skill claims an end-to-end implement+test loop with persistent subagents and local git commits; the included scripts implement a minimal proof-of-concept (artifact creation, test running, session store) but key behaviors are placeholders. Orchestrator only prints sessions_spawn payloads instead of calling platform APIs, and no script performs the advertised local git commit. Overall capability is consistent in intent but incomplete.
Instruction Scope
SKILL.md stays within the development-workflow scope (parse spec, spawn subagents, loop until tests pass, write results/). The scripts write artifacts and logs to results/ and /tmp, and store session metadata to a file. Instructions do not actively exfiltrate data to remote endpoints, but the orchestrator explicitly expects the main agent to call sessions_spawn/platform APIs (left as a manual connection point).
Install Mechanism
There is no remote install or download; this is an instruction-only skill with bundled scripts. No external URLs or installers are used.
Credentials
The skill declares no required env/config, but it persists session keys (session-store.js writes to skills/workflow-runner/session-store.json) which can contain sensitive session identifiers. Scripts also rely on system tools not documented in metadata (testing_worker.sh uses jq; scripts use tar, mkdir, chmod, etc.). The presence of stored 'sessionKey' values in the bundled session-store.json indicates the skill expects to handle session tokens — this should have been declared and justified.
Persistence & Privilege
The skill keeps persistent subagent session metadata (TTL, session keys) in a file under skills/workflow-runner. always:false (good). It does persist potentially sensitive session identifiers locally and retains subagent sessions by design (TTL configurable). It does not modify other skills' configs, but the local storage of session tokens increases blast radius if the host or workspace is shared.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install workflow-runner - 安装完成后,直接呼叫该 Skill 的名称或使用
/workflow-runner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of workflow-runner: automate end-to-end coding and testing workflows using persistent subagents.
- Parses requirements, splits tasks between coding and testing subagents, and loops until tests pass.
- Subagents operate in isolated 128k contexts and persist for up to 24 hours (configurable).
- Produces all artifacts in results/ and commits code locally (no remote push).
- Supports configuration for TTL, max retries, commit behavior, and results path.
- Triggered by natural language requests or explicit `run workflow-runner: <spec>` commands.
- Includes example workflow and orchestrator/helper scripts.
元数据
常见问题
Workflow Runner 是什么?
Automate end-to-end code implementation and testing with persistent coding and testing subagents, iterating until tests pass and committing results locally. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 279 次。
如何安装 Workflow Runner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install workflow-runner」即可一键安装,无需额外配置。
Workflow Runner 是免费的吗?
是的,Workflow Runner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Workflow Runner 支持哪些平台?
Workflow Runner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Workflow Runner?
由 yufengwolf(@yufengwolf)开发并维护,当前版本 v1.0.0。
推荐 Skills