Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prd

v2.0.5

Create and manage Product Requirements Documents (PRDs). Use when: (1) Creating structured task lists with user stories, (2) Specifying features with acceptance criteria, (3) Planning feature implementation for AI agents or human developers.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill name and description (create/manage PRDs) align with the provided templates, prd.json format, and workflows. However, the documentation repeatedly references running external agent CLIs (claude, opencode, dev-browser skill) and git worktree operations while the skill declares no required binaries or environment variables. The omission of those dependencies is an inconsistency: a skill that instructs use of specific agent CLIs should declare them (and any required API keys) in requirements.
!
Instruction Scope
SKILL.md and references explicitly instruct autonomous agents to read/modify prd.json and progress.txt, create/check out branches, implement code, run checks, commit changes, and mark stories complete. The 'Unattended Agentic Loop' example runs an infinite loop and uses 'claude --dangerously-skip-permissions', which bypasses permission prompts — this encourages unsupervised modification of repositories and bypasses safety controls. While implementing PRD items can legitimately involve repo modifications, the instructions grant broad, unsupervised authority and include a clear permission-bypass recommendation, which is a high-risk scope expansion.
Install Mechanism
The skill is instruction-only with no install spec and no code files. This is low-risk from an installation perspective because it doesn't write code or download artifacts to disk. The main risk comes from the runtime instructions (see Instruction Scope), not from install behavior.
!
Credentials
The skill declares no required environment variables or credentials, yet its docs instruct use of CLIs (claude, opencode, dev-browser) which typically require API keys or auth. Not declaring needed env vars is an omission that hides the fact that secret credentials will be needed at runtime if the recommended tooling is used. Additionally, the skill asks agents to modify repos and create branches but doesn't specify repository access constraints, which increases the blast radius if an agent runs with wide permissions.
!
Persistence & Privilege
The skill is not marked always:true, and model invocation is allowed (default). Combined with instructions for autonomous agentic loops and automated commits/branching, that means an agent could be invoked autonomously to modify codebases. The combination of autonomous invocation + explicit instruction to bypass permissions and run indefinite loops increases risk; the skill itself doesn't request persistent installation, but its runtime patterns effectively ask for long-lived operational privileges over a repo when executed.
What to consider before installing
This skill's PRD templates and workflow are reasonable for generating and tracking stories, but the runtime documents recommend running autonomous agent loops that: (a) call CLIs like 'claude' and 'opencode' (which require API keys) even though no binaries or env vars are declared, and (b) include an example that uses '--dangerously-skip-permissions' and an infinite loop. Before installing or running this skill:
1) Do not run any example that uses 'dangerously-skip-permissions' or infinite loops.
2) Require a human-in-the-loop for any code commits and limit agent permissions (use a throwaway/test repo or read-only tokens initially).
3) If you plan to run agents, explicitly provision and audit the necessary CLIs and API keys (and update the skill metadata to declare them).
4) Back up repositories and ensure CI safeguards (protected branches) so autonomous agents cannot push directly to main.
5) Ask the publisher to clarify intended runtime (are agents meant only to prepare PRDs or to autonomously modify repos?) and to remove unsafe examples or document safe, permissioned execution modes.

Like a lobster shell, security has layers — review code before you run it.
