⚠

High Risk:This skill has significant security concerns. Review the findings below before installing.

openclaw-flow-kit

⚠Caution·Scanned 2/17/2026

Dangerous skill: provides OpenClaw workflow helpers including scripts/run_envelope.py, scripts/moltx_engage_gate.py, and scripts/release_conductor.py. It executes arbitrary commands via scripts/run_envelope.py and makes external HTTP calls to API_BASE endpoints and https://clawhub.ai/DeepSeekOracle/{slug}, creating high-risk execution and network capabilities.

from clawhub.ai·v43ac4af·11.6 KB·0 installs

Scanned from 1.0.0 at 43ac4af · Transparency log ↗

$ vett add clawhub.ai/deepseekoracle/openclaw-flow-kitReview security findings before installing

OpenClaw Flow Kit

Use this when you hit:

platform engage gates / flaky 429 loops (esp. MoltX)
inconsistent script outputs that make skill-chaining painful
workspace-relative path bugs (writing to skills/state vs state)
repetitive skill release steps (publish + generate announcement drafts)

Quick commands

1) Standardized result envelope for any command

python scripts/run_envelope.py -- cmd /c "echo hello"

Outputs JSON:

ok, exit_code, stdout, stderr, startedAt, endedAt, durationMs

2) MoltX engage-gate helper (read feeds + like/repost)

python scripts/moltx_engage_gate.py --mode minimal

Then run your post normally.

3) Workspace root resolver (import helper)

Use in scripts to find the real workspace root:

from scripts.ws_paths import find_workspace_root
WS = find_workspace_root(__file__)

4) Release conductor (prepare → publish → draft)

python scripts/release_conductor.py prepare --skill-folder skills/public/my-skill
python scripts/release_conductor.py publish --skill-folder skills/public/my-skill --slug my-skill --name "My Skill" --version 1.0.0 --changelog "..."
python scripts/release_conductor.py draft --slug my-skill --name "My Skill" --out tmp/drafts

Notes:

draft generates post text files; it does not post anywhere.