Superclaw
v1.0.1Complete software development workflow enforcing design → plan → execution with checkpoints
⭐ 0· 363·0 current·0 all-time
byHammad Hai@brothaakhee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description (enforcing a design→plan→execute workflow) align with the runtime instructions: asking clarifying questions, saving design/plan files, batching tasks, updating memory, and spawning subagents for isolated task execution. It does not request unrelated binaries, environment variables, or external endpoints.
Instruction Scope
The SKILL.md explicitly instructs the agent to read/write workspace files (workspace/docs/plans/, workspace/memory/) and to read MEMORY.md / USER.md for context; it also shows example use of sessions_spawn to run isolated subagents and example use of home-paths (e.g., ~/.todos.json). This is coherent with its memory-integration claim, but users should be aware that reading MEMORY.md and writing files to the workspace (and optionally home paths in examples) will access local contextual data and produce artifacts on disk — expected behavior for a workflow enforcement skill.
Install Mechanism
No install spec and no code files are included; this is instruction-only so nothing is downloaded or written during install. That minimizes install-time risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The memory and workspace path access it documents is proportional to its purpose (context-aware planning and progress logging). There are no unrelated credential requests.
Persistence & Privilege
The skill does not request always:true or elevated persistent privileges. It relies on normal agent capabilities (reading/writing workspace files and spawning sessions_spawn subagents). Those are appropriate for an execution/workflow skill, but will operate with whatever permissions the agent already has.
Assessment
Superclaw appears coherent and instruction-only, but before enabling it: (1) confirm you are comfortable the agent will read MEMORY.md and USER.md (these can contain sensitive user preferences/history); (2) verify the workspace paths it will write to (workspace/docs/plans/ and workspace/memory/) so artifacts don't leak into places you don't want; (3) note that sessions_spawn will create subagents to perform tasks — those subagents run with the agent's existing privileges, so review produced files/plans before allowing automatic execution; and (4) watch for examples that reference home paths (e.g., ~/.todos.json) — if you prefer all artifacts confined to a sandboxed workspace, modify the plan or instruct the agent accordingly.Like a lobster shell, security has layers — review code before you run it.
latestvk97dd97rrtd6p8tmrb499qdjvs81x59g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.