Prd
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: prd Version: 2.0.5 The skill is classified as suspicious due to the presence of highly risky commands and instructions within its documentation, specifically in `references/agent-usage.md` and `references/output-patterns.md`. These files, intended to describe how *other* AI agents execute PRDs, contain examples like `claude --print --dangerously-skip-permissions`, instructions for `git` operations (checkout, commit), and running arbitrary quality checks (typecheck, lint, test). While the `SKILL.md` explicitly states this skill 'only edits PRDs', the inclusion of such powerful and potentially harmful commands in documentation that an AI agent is expected to process creates a significant prompt injection surface and exposes the agent to knowledge of dangerous system-level capabilities, even if not directly intended for execution by this specific skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who follows this workflow could let an AI agent modify, test, and repeatedly change a repository without review or normal tool-approval safeguards.
This explicitly recommends an unattended agent loop that bypasses normal permission checks while implementing code changes and updating project state.
while :; do
claude --print --dangerously-skip-permissions \
"Read prd.json, find first story where passes=false, implement it, run checks, update passes=true if successful"
doneDo not run the unattended '--dangerously-skip-permissions' loop by default. Use story-by-story execution, keep permission prompts enabled, review diffs before commits, and set a clear maximum number of iterations.
The agent could keep running and making further attempts or changes until manually stopped.
The documented loop is intentionally unattended and externally infinite; if the agent fails to mark work complete or encounters repeated errors, it may continue operating beyond the user's intended task boundary.
## Unattended Agentic Loop ### Claude Code ```bash while :; do
Replace the infinite loop with a bounded command, require explicit user confirmation between stories, and stop automatically on errors or unexpected file changes.
Future agent runs may trust incorrect, outdated, or injected guidance from progress.txt.
The workflow uses a persistent progress file as context for future agent iterations, so stale or manipulated notes could influence later implementation choices.
Read `progress.txt` (check Codebase Patterns first) ... Append to `progress.txt` after each iteration (never replace)
Review progress.txt before each run, keep it free of secrets, and treat its contents as editable project notes rather than authoritative instructions.