OSOP Workflow Reviewer
Review a workflow or execution log for risks and issues.
Target file
$ARGUMENTS
What to do
- Read the file specified in the argument (
.osop or .osoplog.yaml)
- Analyze for risks — check each node for:
security.risk_level: high|critical without preceding approval_gatesecurity.permissions containing broad patterns (write:, admin:, delete:*)cli nodes with destructive commands (rm -rf, kubectl delete, terraform destroy, DROP TABLE)- Hardcoded secrets (strings starting with
sk-, ghp_, xoxb-, API keys) - Agent nodes without
cost.estimated (unbounded cost exposure) - Missing
timeout_sec on external call nodes (api, cli, agent, infra, mcp) - Missing error handling (no
fallback/error edge) on medium+ risk nodes
- Compute risk score (0-100):
- Each node:
type_weight risk_multiplier mitigation_factor - Type weights: cli=2, infra=2, db=1.5, agent=1.5, docker=1.5, cicd=1.5, api=1, others=0.5-1
- Risk multiplier: low=1, medium=2, high=4, critical=8
- Mitigations: approval_gate=-50%, retry_policy=-10%, fallback_edge=-20%
- Finding penalty: low=+2, medium=+5, high=+10, critical=+20
- Present findings in a clear table:
```
Risk Score: XX/100 — VERDICT (safe/caution/warning/danger)
| Severity | Finding | Node | Suggestion |
|----------|---------|------|------------|
| CRITICAL | ... | ... | ... |
```
- Summarize:
- Total permissions required
- Secrets referenced
- Estimated cost (if any)
- Whether approval gates exist
- Final verdict: is this safe to run?
For .osoplog files
If reviewing an execution log, also check:
- Which tools were actually used and how many calls
- Whether any nodes failed and why
- AI reasoning decisions — were they sound?
- Sub-agent hierarchy — was the spawning appropriate?
- Total execution time and cost