ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Attune Mission Orchestrator

v1.0.0

Lifecycle orchestrator that auto-detects project state and routes to the correct development phase

0· 52·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md consistently describe a lifecycle orchestrator that delegates to attune/leyline skills and persists mission state. The declared config paths (night-market.attune/* and night-market.leyline/*) align with invoked skills and hooks, so purpose and high-level capabilities are coherent.
!
Instruction Scope
SKILL.md instructs the agent to scan the repository (docs/*, .attune/, git history), read and modify artifacts (update 'Out of Scope' with issue references), persist state to .attune/mission-state.json, run git commands (git log --since) and run the GitHub CLI (gh issue create). These actions go beyond passive analysis: they read and write repo files and invoke external network operations. While these are plausible for an orchestrator, they are not declared and grant the skill broad discretion to modify project files and call external endpoints.
Install Mechanism
Instruction-only skill with no install steps or downloaded code. That minimizes installer risk because nothing new is written to disk by an installer. The runtime actions (file I/O, shell commands) remain a runtime concern rather than an install-time risk.
!
Credentials
The skill requires no environment variables in metadata, but its instructions rely on tools and credentials that are not declared: the GitHub CLI ('gh') and authenticated GitHub access to create issues, plus git for repository checks. It will also write to the working tree (.attune/mission-state.json and possibly update artifacts). The missing declaration of required binaries and credentials (e.g., gh auth/GITHUB_TOKEN) is a mismatch and could lead to unexpected network activity or failures.
Persistence & Privilege
The skill persists state to .attune/mission-state.json and can modify artifacts (adding issue references). That persistence and write access is consistent with an orchestrator's needs, but it is persistent on disk and will alter repository files. 'always' is false (good). Autonomous invocation is allowed by default—combined with the above concerns, this increases the blast radius if the agent is granted repo and GitHub permissions.
What to consider before installing
This skill appears to implement what it claims, but its runtime instructions expect local git and the GitHub CLI and will read and modify repository files and create issues on GitHub. Before installing or running it: (1) Confirm who will run the skill and what git/GitHub credentials that agent has. (2) Expect it to write .attune/mission-state.json and possibly edit artifact files—keep backups or run in a fork/isolated repo. (3) If you do not want automatic issue creation, use the --no-auto-issues flag or avoid --auto. (4) Ask the publisher to declare required binaries and credentials (e.g., gh, git, GITHUB_TOKEN) in the skill metadata so you can evaluate permissions. (5) If you need higher assurance, review the attune and leyline skill implementations that this orchestrator invokes to confirm they do not perform unexpected network or credential access.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Confignight-market.attune:project-brainstorming, night-market.attune:project-specification, night-market.attune:project-planning, night-market.attune:project-execution, night-market.attune:war-room-checkpoint, night-market.leyline:risk-classification, night-market.leyline:damage-control
latestvk972pcstxnc4fb8nnzypd19wfx84kea6
52downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/attune. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Table of Contents

Mission Orchestrator

Overview

Wraps the entire attune development lifecycle (brainstorm → specify → plan → execute) into a single mission with automatic state detection, type selection, and phase routing. Follows the "persistent presence lens" pattern from spec-kit:speckit-orchestrator — delegates entirely to existing skills via Skill() calls, never re-implements phase logic.

When To Use

  • Starting a new project from scratch (full lifecycle)
  • Resuming an interrupted project workflow
  • Running a focused tactical implementation from existing specs
  • Quick-fixing from an existing implementation plan

When NOT To Use

  • Running a single phase directly (use /attune:brainstorm, /attune:specify, etc.)
  • Non-project work (code review, debugging, research)
  • When you need fine-grained control over phase transitions

Mission Lifecycle

1. State Detection
   Scan for existing artifacts (project-brief.md, specification.md, etc.)
       |
2. Mission Type Selection
   Auto-detect type based on artifacts, or accept user override
       |
3. Phase Routing Loop
   For each phase in the mission type:
       a. Pre-phase validation (check prerequisites)
       b. Invoke Skill(attune:{phase-skill})
       c. Post-phase artifact check (verify output exists)
       d. Post-phase backlog triage (create GitHub issues
          for out-of-scope items after brainstorm/specify)
       e. Update mission state
       f. User checkpoint (skippable with --auto)
       g. Error handling via leyline:damage-control
       |
4. Completion
   All phases complete, final state saved

Mission Types

TypePhasesAuto-detected When
fullbrainstorm → specify → plan → executeNo artifacts exist
standardspecify → plan → executedocs/project-brief.md exists
tacticalplan → executedocs/specification.md exists
quickfixexecutedocs/implementation-plan.md exists

See modules/mission-types.md for full type definitions and custom type support.

Phase-to-Skill Mapping

PhaseSkill InvokedArtifact Produced
brainstormSkill(attune:project-brainstorming)docs/project-brief.md
specifySkill(attune:project-specification)docs/specification.md
planSkill(attune:project-planning)docs/implementation-plan.md
executeSkill(attune:project-execution)Implemented code + tests

The orchestrator never re-implements phase logic. Each phase is a complete Skill() invocation that handles its own workflow.

Session Recovery

Missions persist state to .attune/mission-state.json. On resume:

  1. Load mission state file
  2. Validate referenced artifacts still exist on disk
  3. Identify last completed phase
  4. Continue from next phase in sequence

See modules/mission-state.md for the state schema and recovery protocol.

Mission Charter

Define mission boundaries using the structured template from references/mission-charter.md. A Mission Charter specifies:

  • Outcome: What success looks like
  • Success metric: Measurable completion criteria
  • Deadline: Time boundary (session, date, or duration)
  • Constraints: Token/time budgets, forbidden actions
  • Scope: In-scope and out-of-scope areas
  • Stop criteria: Conditions that halt the mission

See references/mission-charter.md for the full template and examples.

Progress Reports

Track progress with structured checkpoints using references/progress-report.md. Generate reports at:

  • Phase boundaries (between brainstorm→specify→plan→execute)
  • Blocker identification
  • Risk escalation
  • Budget thresholds (50%, 75%, 90%)

See references/progress-report.md for the template and checkpoint rhythm guidance.

Module Reference

  • mission-types.md: Type definitions, auto-detection logic, custom types
  • state-detection.md: Artifact existence checks, quality validation, staleness
  • phase-routing.md: Phase execution protocol, transition hooks, error handling
  • mission-state.md: State schema, persistence, recovery protocol

Reference Modules

  • mission-charter.md: Structured mission definition template
  • progress-report.md: Checkpoint status report template

Related Skills

  • Skill(attune:project-brainstorming) - Brainstorm phase
  • Skill(attune:project-specification) - Specify phase
  • Skill(attune:project-planning) - Plan phase
  • Skill(attune:project-execution) - Execute phase
  • Skill(attune:war-room-checkpoint) - Risk assessment for RED/CRITICAL tasks
  • Skill(leyline:risk-classification) - Task risk classification
  • Skill(leyline:damage-control) - Error recovery during phases

Related Commands

  • /attune:mission - Invoke this skill
  • /attune:mission --resume - Resume from saved state
  • /attune:mission --type tactical - Override mission type

Exit Criteria

  • All phases in mission type completed successfully
  • Artifacts exist for each completed phase
  • Mission state saved to .attune/mission-state.json
  • Risk summary generated (tier counts across all tasks)
  • No unresolved errors or blockers

Comments

Loading comments...