Code To Prd

v2.1.1

Reverse-engineer any codebase into a complete Product Requirements Document (PRD). Analyzes routes, components, state management, API integrations, and user...

by Alireza Rezvani @alirezarezvani
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (reverse-engineer code → PRD) align with the included files and instructions: two Python scripts (analyzer + scaffolder) plus docs implement the advertised 3‑phase workflow and framework heuristics. Nothing requested (no env vars, no binaries) is out of scope for this purpose. Note: the README/SKILL.md make strong claims about exhaustive reconstruction which are implemented as heuristics — capability may be overstated but not malicious.
Instruction Scope
SKILL.md and the scripts instruct the agent to recursively scan the provided project directory, parse files, and write a prd/ directory. That is expected. However, the instructions do not constrain which path is analyzed — if the agent is pointed at sensitive system locations (e.g., /, ~, ~/.ssh, etc.) the scripts will read them. Reading arbitrary files is expected behavior for a codebase analyzer, but you should avoid running it against directories containing secrets.
Install Mechanism
No install spec provided; the skill is instruction+script only and uses Python stdlib. This is lowest-risk from an install/execution perspective (nothing is downloaded at install time).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The included Python scripts operate on filesystem input and write output; they do not request secrets. This is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request or modify other skills or global agent settings. It creates files under the specified output directory only. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges.
Assessment
This skill appears to do what it says: it scans a local project directory and writes a PRD scaffold. Before running it:
(1) Inspect the two Python scripts yourself (they use os.walk and file reads/writes; no network calls were found in the provided snippets).
(2) Run the tool on a copy or inside a sandbox/container rather than pointing it at system or home directories (to avoid accidental disclosure of secrets).
(3) Expect heuristic output — verify generated PRD details against the source code because the analyzer may miss or misinterpret things.
(4) If you plan to run it on private repositories with secrets, review the code carefully for any hidden network exfiltration (none was detected in the provided files) and consider running offline without network access.

Like a lobster shell, security has layers — review code before you run it.
