Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Write Adr
v1.1.1
Generate ADRs from decisions made in the current session. Extracts decisions, confirms with user, writes MADR-formatted documents.
by Kevin Anderson (@anderskev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (extract decisions from the session and write MADR-formatted ADRs) aligns with the SKILL.md workflow. However, the instructions assume the ability to run git and python, to execute a local script (skills/adr-writing/scripts/next_adr_number.py), and to load other named skills (beagle-analysis:adr-decision-extraction and beagle-analysis:adr-writing) even though the registry metadata lists no required binaries or credentials. These runtime expectations should be declared explicitly.
Instruction Scope
The SKILL.md instructs the agent to run shell commands (git, ls, find), to examine the repository ("Explore codebase for additional context"), to execute a local python script for ADR number allocation, and to launch multiple background subagents. It will read and write files under docs/adr or docs/adrs and surface full decision content to the user. These actions are within the ADR-writing purpose but expand scope to arbitrary repository files and to executing repository scripts — which can be risky if the repository contains unexpected code. There is also an inconsistency in directory names: Step 1 checks docs/adrs/ (plural) while Step 4 writes to docs/adr/ (singular).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which minimizes installer-level risk. Nothing will be downloaded or written by the skill package itself.
Credentials
The skill declares no required environment variables or credentials, which is proportionate to its stated purpose. However, it implicitly requires git and python to be present on the host and relies on other named skills/subagents whose own credential needs are not visible here. The SKILL.md does not declare these binary requirements or any expectations about the availability/trustworthiness of the referenced sub-skills.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always: false). It sets disable-model-invocation: true in metadata and the top of SKILL.md, which is notable because the instructions still expect to launch model-backed subagents; that mismatch may limit functionality depending on platform enforcement but is not itself an escalation of privilege.
What to consider before installing
- The skill will run git and python commands and will read and write files in your repository (it looks for docs/adrs/ and writes to docs/adr/ — note the plural vs singular inconsistency). Confirm you are comfortable with an agent that can inspect repo files and create ADR markdown files.
- The SKILL.md instructs executing a local script (skills/adr-writing/scripts/next_adr_number.py). If that script exists in the repo it will be executed — review its contents before running to ensure it's safe.
- The skill loads and invokes other named skills/subagents (beagle-analysis:adr-decision-extraction and beagle-analysis:adr-writing). Verify those skills exist and are trusted; they may have their own requirements or behaviors.
- The metadata does not declare required binaries (git, python). Ensure those tools are available and consider testing in a safe environment or on a copy of the repo first.
- The disable-model-invocation flag is set but the instructions expect subagent model calls; confirm how the platform enforces this and whether the skill will function as intended.
- If you need higher confidence: ask the publisher for the source (or a trusted repository), a clear list of required binaries, and corrected paths (docs/adrs vs docs/adr). If the author provides those and the referenced sub-skills are trusted, the skill would be coherent and lower-risk.

Like a lobster shell, security has layers — review code before you run it.
