技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.1.2
统计:⭐ 0 · 713 · 3 current installs · 3 all-time installs
⭐ 0
安装量(当前) 3
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:0xtommythomas-dev/soulflow
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill generally does what it claims (create isolated worker agents and run multi-step workflows), but it requires high privileges (reads gateway auth token, modifies gateway config, creates a persistent worker that inherits other agents' authProfiles) that are disproportionate and risky unless you fully trust the author and inspect the code/workflows first.
目的
The declared purpose — running multi-step workflows that read/edit files and run commands — aligns with most requested capabilities (node binary, access to OpenClaw config, ability to create a worker agent and use the gateway). Creating a dedicated worker agent and using WebSocket gateway calls is coherent for this functionality. However, copying authProfiles from existing agents into the new worker and granting it a 'full' tools profile is a …
说明范围
SKILL.md and the code instruct the agent to read ~/.openclaw/openclaw.json (to obtain gateway auth token), call config.get/config.patch on the gateway, create/modify agents, and write files under ~/.openclaw (agent soul, state, workspace). That is within the engine's purpose but broad: the runner intentionally extracts gateway tokens and copies authProfiles into the worker (granting the worker access to external services such as GitHub/cloud).…
安装机制
There is no remote download/install step: the package is self-contained Node.js code (zero external dependencies). Nothing is pulled from shorteners or untrusted URLs at install time. This reduces supply-chain risk compared to skills that download archives or install third-party packages.
证书
No environment variables are declared, but the code reads ~/.openclaw/openclaw.json to extract gateway.auth.token and then uses that token to authenticate with the local gateway. The worker agent creation copies authProfiles from existing agents into the new worker, effectively granting it any external service credentials already configured. Reading and reusing those credentials is a powerful capability and not strictly minimal for all workflo…
持久
The skill creates a persistent agent (soulflow-worker) by patching the gateway config and writing agent files under ~/.openclaw/agents/. That modifies system-wide/OpenClaw-wide configuration and can persist long-term with full tool access (read/write/edit/exec/browser). While 'always' is false, the skill still requests durable, high-privilege presence and can inherit other agents' credentials — increasing blast radius if abused.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「SoulFlow — Agent Teams Workflow Skill」。简介:General-purpose AI workflow framework for OpenClaw. Build custom multi-step wor…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0xtommythomas-dev/soulflow/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。