📦 Comanda — 声明式AI流

Name: Comanda — 声明式AI流
Rating: 1

v1.0.2

用 comanda CLI 一句话生成、可视化并执行 LLM 工作流。支持 OpenAI、Anthropic、Google、Ollama、Claude Code、Gemini CLI、Codex 多模型编排，可实时查看流程图、编辑 YAML、本地运行，零代码搭建复杂 AI 管道。

1· 1.9k·0 当前·0 累计

by @kris-hansen

AI模型访问工作流开发工具自动化

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

medium confidence

NULL

评估建议

This skill is an instruction-only integration for the comanda CLI and is coherent with that purpose. Before using it: (1) Only install the actual comanda binary from trusted sources (brew or the official repo); verify the GitHub repo and release signatures if possible. (2) Inspect any workflow YAML before running it — workflows can read files, environment variables, fetch URLs, and invoke agentic models that may run shell commands. Do not run untrusted workflows on sensitive hosts or with creden...

详细分析 ▾

✓ 用途与能力

Name/description match the SKILL.md and WORKFLOW-SPEC: this is a user-facing guide for the comanda CLI to generate/visualize/execute YAML workflows that chain LLMs. The skill is instruction-only and therefore does not itself request credentials or binaries; that is consistent because the CLI (installed separately by the user) is what requires API keys.

ℹ 指令范围

The instructions show workflows reading local files, referencing environment variables, fetching URLs, running shell loops, and using 'agentic' models that can execute commands and edit the filesystem. This is plausible for a workflow engine, but it widens the scope: workflows can access local files and env vars and execute commands, so untrusted workflows could exfiltrate data or run arbitrary commands. The SKILL.md does not itself instruct the platform agent to read unrelated host files, but it documents that comanda workflows can.

✓ 安装机制

There is no install spec in the skill (instruction-only). The SKILL.md suggests installing via Homebrew or 'go install' — both are conventional release methods. No downloaded, opaque artifacts are included in the skill bundle.

ℹ 凭证需求

The skill declares no required env vars (reasonable for an instruction-only skill). However, it instructs users to 'comanda configure' to set provider API keys and documents that workflows can reference arbitrary environment variables. That means sensitive credentials will be managed outside this skill by the external CLI; users should expect to supply provider keys locally and be aware that workflows may read environment variables.

✓ 持久化与权限

The skill is not always-enabled, is user-invocable, and allows model invocation (the platform default). It does not request persistent system-wide configuration or modify other skills. Autonomous invocation is allowed by default but not combined with 'always:true' or other elevated privileges.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.22026/1/28

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install comanda

镜像加速npx clawhub@latest install comanda --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库