ClawHub

OpenTangl

v0.1.10

Not a code generator — an entire dev team. You write the vision, it ships the code. Autonomous builds, PRs, reviews, and merges across multiple repos. Point...

2· 488·0 current·0 all-time
by@8co
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (autonomous development for JS/TS repos) matches the declared requirements: node, git, and the GitHub CLI (gh) are reasonable for detecting project type, creating repos/PRs, and merging. There are no unrelated environment variables, binaries, or install artifacts that wouldn't be needed for this purpose.
Instruction Scope
SKILL.md instructs the agent to read configuration files inside the user-provided project directory (package.json, tsconfig.json, lockfiles, etc.), create projects.yaml and vision docs in the OpenTangl root, and use gh for repo operations. The doc explicitly limits file reads to the supplied directory and requires user confirmation at each gate. These actions are within scope for a tool that configures and orchestrates multi-repo development.
Install Mechanism
This is an instruction-only skill with no install spec and no downloads or archive extraction. That minimizes disk-write risk and is proportionate to an orchestrator that relies on preinstalled tools.
Credentials
The skill requests no environment variables or tokens itself, which is appropriate. It does rely on the GitHub CLI (gh) and therefore on whatever GitHub credentials the user has configured locally; users should be aware that gh operations will use their account/credentials and permissions.
Persistence & Privilege
always:false and user-invocable:true are appropriate. Model invocation is allowed (the platform default), which means the agent could perform sequences autonomously if granted by the user; SKILL.md emphasizes waiting for confirmation at every gate, which limits autonomous actions but relies on the agent following those instructions.
Assessment
This skill appears internally consistent, but review and control what it can access before use: 1) Only run it against repositories you can afford to change — try a disposable/test repo first. 2) Confirm your GitHub CLI (gh) is authenticated and check what account/organization it will act as; limit token scopes if possible. 3) Inspect the generated projects.yaml and docs/environments/* files before allowing automated runs or merges. 4) Keep backups or protected branches for important repos and consider requiring human approval for merges in production branches. 5) If you want stricter guarantees, ask the agent to show every planned commit/PR and require explicit user approval before creating or merging them.

Like a lobster shell, security has layers — review code before you run it.

latestvk97983f9081sph044mnvjtk8xh81x3tn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
Binsnode, git, gh

Comments