workflow-builder
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The file
SKILL.mdacts as a documentation and template resource for workflow creation within the OpenClaw ecosystem. It contains no executable scripts or active malicious logic. - [COMMAND_EXECUTION]: Documentation provides examples of CLI commands (e.g.,
openclaw cron add) for scheduling tasks. These are instructional patterns for the user and are not executed automatically by the skill itself. - [PROMPT_INJECTION]: The skill includes instructions and templates for defining agent behavior (
AGENT.md). These templates are benign, focusing on operational logic such as setup interviews, regular operation loops, and housekeeping, without attempting to bypass safety guidelines. - [EXTERNAL_DOWNLOADS]: The documentation references
clawhubfor skill discovery and includes commands for inspecting external packages (npx clawhub inspect). This is presented in a defensive context, explicitly warning users to review code for exfiltration and safety-bypass patterns before use.
Audit Metadata