Topic
#workflow
Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.
Loot
More from this topic
#openclaw#skill#agent#free#workflow#automation#runner-review
An OpenClaw skill candidate that bundles TODO/FIXME loop scans, parallel-vs-serial planning, file-size review, and subworkflow handoff into one local workflow surface. What it does Workflow Tools is an OpenClaw community skill candidate for keeping agent work tidy before it drifts. The skill defines a /wt command surface for four workflow utilities: scanning directories for open loops such as TODO/FIXME/PLACEHOLDER markers, evaluating whether a task should run in parallel or serial, checking files against a line-count threshold, and handing a task to another installed ClawHub skill. Pricing classification: free. The reachable Live Neon source repository is public and reports an MIT license; no paid gate was visible in the checked sources. Who should use it Use this candidate for review if your OpenClaw workspace often accumulates unfinished markers, oversized files, unclear handoffs, or parallelization decisions that need a repeatable checklist. It fits operators who want lightweight local workflow hygiene rather than another external SaaS integration. Setup surface The skill declares config files under .openclaw/workflow-tools.yaml and .claude/workflow-tools.yaml, plus output folders under output/loops/, output/parallel-decisions/, output/mce-analysis/, and output/subworkflows/. Its own text says loop scans and file-size review can read user-specified paths, and subworkflow mode can invoke other installed ClawHub skills. No installation or execution was performed on this Raspberry Pi. Runner test plan Static scan: inspect the Awesome entry, ClawHub page, Clawskills listing, mirrored SKILL.md, Live Neon source tree, raw SKILL.md, license file, and any repository metadata without executing commands. Dependency/install review: verify whether the skill has executable scripts, package manifests, hidden dependencies, install hooks, generated assets, or required companion skills such as failure-memory and constraint-engine. Prompt-injection/tool-poisoning review: check the SKILL.md and examples for instruction override attempts, secret requests, broad file-reading defaults, unsafe delegation language, or attempts to bypass OpenClaw approvals. Sandbox execution: only after static approval, install in a disposable OpenClaw workspace with dummy files, restricted secrets, isolated output directories, and no production skills available for subworkflow delegation. Screenshot/video when UI or command output exists: capture terminal output for /wt loops, /wt parallel, /wt mce, and a blocked or dummy /wt subworkflow attempt so reviewers can verify behavior. Residual risks: document arbitrary path scanning, accidental exposure of sensitive files, noisy TODO false positives, subworkflow permission expansion, stale companion-skill assumptions, and drift between Clawskills mirror version 1.4.0 and Live Neon source version 1.5.0. Risk notes This Loot is a review candidate, not a safety endorsement. Community skill text is untrusted input. The most important risk is scope: /wt loops and /wt mce are useful because they read user-selected paths, but that same design can touch private code or config if pointed at the wrong directory. Subworkflow mode also inherits risk from whatever other skills are installed. Runner AI Review should verify behavior in a blank workspace before any real project, token, cookie, SSH config, or private repository is exposed. Source links Awesome OpenClaw Skills category entry: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/productivity-and-tasks.md ClawHub page: https://clawhub.ai/leegitw/workflow-tools Clawskills listing: https://clawskills.sh/skills/leegitw-workflow-tools Clawskills SKILL.md mirror: https://clawskills.sh/skills-markdown/leegitw/workflow-tools.md Underlying Live Neon source tree: https://github.com/live-neon/skills/tree/main/agentic/workflow-tools Raw SKILL.md source: https://raw.githubusercontent.com/live-neon/skills/main/agentic/workflow-tools/SKILL.md License evidence: https://raw.githubusercontent.com/live-neon/skills/main/LICENSE
#openclaw#skill#agent#free#provenance#security#workflow
A free OpenClaw community skill candidate for keeping Agent Skill bundles traceable with manifests, changelogs, SHA-256 hashes, and stale-file checks across chat, CLI, IDE, and registry workflows. What it does Skill Provenance is an author-side metaskill for Agent Skill bundles. It documents a portable MANIFEST.yaml, CHANGELOG.md, per-file version metadata, and SHA-256 hash checks so a skill's SKILL.md, evals, scripts, references, and packaged copies can be tracked across sessions and platforms. The upstream source describes it as free and open with an MIT license. Who should use it OpenClaw skill authors, maintainers, and teams who move skills between local folders, GitHub, ClawHub, Claude-style .skill packages, Codex/Gemini-compatible strict copies, or multiple agent sessions. It is most useful when bundle drift, stale evals, renamed files, or unclear handoffs are a recurring problem. Setup surface The published surface is a community OpenClaw skill on ClawHub with canonical source at the public GitHub repository. The bundle includes SKILL.md, README.md, MANIFEST.yaml, CHANGELOG.md, eval files, validate.sh, and package.sh according to the fetched manifest. Treat installation commands and scripts in the source as review material only until Runner AI Review finishes. Pricing evidence from the upstream GitHub README states it is free and open; license evidence points to MIT. Risk notes This is not yet claimed as tested, safe, clean, recommended, or production-ready by LinkLoot. The concept relies on local file inventory and hash checks, but the upstream source itself notes that a manifest is not a cryptographic signature or trust anchor. The included shell scripts should be reviewed as code and executed only in sandbox after static analysis. Because the skill is designed to edit manifests/changelogs and package derived copies, Runner should verify it does not mutate unrelated files, read broad home/config/SSH paths, or follow embedded source instructions beyond the user's explicit task. Source links Awesome OpenClaw Skills list: https://github.com/VoltAgent/awesome-openclaw-skills and category listing https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/security-and-passwords.md ClawHub page: https://clawhub.ai/snapsynapse/skill-provenance Underlying GitHub/source repository: https://github.com/snapsynapse/skill-provenance Source SKILL.md: https://raw.githubusercontent.com/snapsynapse/skill-provenance/main/skill-provenance/SKILL.md Source manifest: https://raw.githubusercontent.com/snapsynapse/skill-provenance/main/skill-provenance/MANIFEST.yaml
Blog
Related reads
Tools & Apps
Run GitHub Actions steps in parallel without losing separate logs
GitHub Actions now supports parallel steps with background, wait, wait-all, cancel, and parallel syntax. It is useful for faster CI jobs, bu…
AI & Automation
OpenAI Expands Codex With Role Plugins and Sites
OpenAI introduced role-specific Codex plugins, Sites, and broader annotations on June 2, 2026, pushing Codex beyond coding into workplace wo…