pm-requirement-review-simulator
v1.0.1PRD review stress-test simulator: 5 cross-functional roles challenge your requirements across 3 difficulty levels, outputs a scored HTML survival report with...
⭐ 1· 128·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, required files (scoring rules, playbook, HTML template) and runtime instructions align with a PRD review simulator that produces a scored HTML report. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md gives detailed, deterministic runtime instructions (input collection, deterministic scoring engine, persona-driven questions, and strict HTML template usage). All referenced resources are bundled in the skill. However, the pre-scan detected unicode-control-chars in SKILL.md (prompt-injection pattern), which could be an attempt to manipulate LLM behavior via invisible characters — this is suspicious but not sufficient to mark the skill incoherent.
Install Mechanism
No install spec and no code files to execute — instruction-only skill. This is lowest-risk for installation.
Credentials
The skill requests no environment variables, credentials, or config paths. The requested scope is proportional to the stated functionality.
Persistence & Privilege
Flags show always:false and autonomous invocation allowed (platform default). The skill does not request elevated persistence or modify other skill/system configs.
Scan Findings in Context
[unicode-control-chars] unexpected: Invisible or control Unicode characters were found in SKILL.md. There is no legitimate need for hidden control characters in a PRD review simulator; such characters are a common vector for prompt-injection or obfuscation. The finding warrants manual inspection of the SKILL.md source to locate and remove any non-printing characters.
Assessment
This skill appears to do what it says: it uses bundled playbooks, a deterministic scoring engine, and an HTML template to simulate cross-functional PRD reviews. Before installing: 1) Manually inspect SKILL.md (and other text files) for non-printing/control Unicode characters and remove them — the scanner flagged unicode-control-chars which can alter LLM parsing. 2) Avoid pasting sensitive or proprietary PRDs until you confirm the agent will not send data externally (there are no explicit external endpoints in the files, but instruction-only skills run in your agent environment). 3) Run initial tests with dummy or public PRDs to validate outputs (scoring JSON + generated HTML) and ensure the agent follows the deterministic scoring rules. 4) If you plan to use proprietary data, verify logging/data retention policies of your agent runtime. If you want higher assurance, request the skill author to provide a short changelog explaining why control characters were present or to publish the skill source in a verifiable repo.Like a lobster shell, security has layers — review code before you run it.
latestvk97d3mqnhab04cvc5fmj0jeaq584sqek
License
MIT-0
Free to use, modify, and redistribute. No attribution required.