ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PRD Engine

v1.0.0

Complete system for writing, reviewing, and approving product requirement documents (PRDs) from idea validation through shipped features.

0· 673·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the provided materials: templates, discovery checklists, PRD structure, scoring rubric, and agent-ready story formats. There are no unrelated requirements (no env vars, no binaries, no config paths).
Instruction Scope
SKILL.md is a long, prescriptive set of templates and processes for writing PRDs. It does not request system files, credentials, or network exfiltration in the excerpts provided. It references 'AI Agent Mode — file paths, verification commands, done-when' (intended to format outputs for coding agents), so you should confirm the rest of the document doesn't instruct the agent to read local files, environment variables, or post content to third-party endpoints.
Install Mechanism
No install spec or code files are present. This instruction-only skill does not download or install external packages, minimizing installation risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. Nothing in the README/SKILL.md indicates a need for secrets or unrelated external service credentials.
Persistence & Privilege
The skill is not marked always:true and is user-invocable. It does not request persistent system changes or modify other skills' configurations in the provided materials.
Assessment
This skill is instruction-only and appears coherent for writing PRDs; it's lower risk because it requests no credentials and installs nothing. Before installing or using it: (1) scan the full SKILL.md for any lines that tell the agent to read local files, environment variables, or run shell commands — those would broaden risk; (2) avoid pasting confidential product data into external or unknown AI services the skill might suggest; (3) be aware README links point to external AfrexAI pages (marketing/paid packs) — those are just links, but confirm you trust the source if you follow them; (4) if you plan to run the skill with an autonomous agent, restrict the agent's permissions (no access to secrets or file system) unless you explicitly need that. Overall, the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

agilevk97bet560yv2g2d5hpqf3v7jdx81674mlatestvk97bet560yv2g2d5hpqf3v7jdx81674mplanningvk97bet560yv2g2d5hpqf3v7jdx81674mprdvk97bet560yv2g2d5hpqf3v7jdx81674mproductvk97bet560yv2g2d5hpqf3v7jdx81674mrequirementsvk97bet560yv2g2d5hpqf3v7jdx81674mspecificationvk97bet560yv2g2d5hpqf3v7jdx81674msprintvk97bet560yv2g2d5hpqf3v7jdx81674muser-storiesvk97bet560yv2g2d5hpqf3v7jdx81674m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments